fortios.wirelesscontroller.Vap
Explore with Pulumi AI
Configure Virtual Access Points (VAPs).
Create Vap Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Vap(name: string, args?: VapArgs, opts?: CustomResourceOptions);@overload
def Vap(resource_name: str,
        args: Optional[VapArgs] = None,
        opts: Optional[ResourceOptions] = None)
@overload
def Vap(resource_name: str,
        opts: Optional[ResourceOptions] = None,
        access_control_list: Optional[str] = None,
        acct_interim_interval: Optional[int] = None,
        additional_akms: Optional[str] = None,
        address_group: Optional[str] = None,
        address_group_policy: Optional[str] = None,
        akm24_only: Optional[str] = None,
        alias: Optional[str] = None,
        antivirus_profile: Optional[str] = None,
        application_detection_engine: Optional[str] = None,
        application_dscp_marking: Optional[str] = None,
        application_list: Optional[str] = None,
        application_report_intv: Optional[int] = None,
        atf_weight: Optional[int] = None,
        auth: Optional[str] = None,
        auth_cert: Optional[str] = None,
        auth_portal_addr: Optional[str] = None,
        beacon_advertising: Optional[str] = None,
        beacon_protection: Optional[str] = None,
        broadcast_ssid: Optional[str] = None,
        broadcast_suppression: Optional[str] = None,
        bss_color_partial: Optional[str] = None,
        bstm_disassociation_imminent: Optional[str] = None,
        bstm_load_balancing_disassoc_timer: Optional[int] = None,
        bstm_rssi_disassoc_timer: Optional[int] = None,
        captive_portal: Optional[str] = None,
        captive_portal_ac_name: Optional[str] = None,
        captive_portal_auth_timeout: Optional[int] = None,
        captive_portal_fw_accounting: Optional[str] = None,
        captive_portal_macauth_radius_secret: Optional[str] = None,
        captive_portal_macauth_radius_server: Optional[str] = None,
        captive_portal_radius_secret: Optional[str] = None,
        captive_portal_radius_server: Optional[str] = None,
        captive_portal_session_timeout_interval: Optional[int] = None,
        dhcp_address_enforcement: Optional[str] = None,
        dhcp_lease_time: Optional[int] = None,
        dhcp_option43_insertion: Optional[str] = None,
        dhcp_option82_circuit_id_insertion: Optional[str] = None,
        dhcp_option82_insertion: Optional[str] = None,
        dhcp_option82_remote_id_insertion: Optional[str] = None,
        dynamic_sort_subtable: Optional[str] = None,
        dynamic_vlan: Optional[str] = None,
        eap_reauth: Optional[str] = None,
        eap_reauth_intv: Optional[int] = None,
        eapol_key_retries: Optional[str] = None,
        encrypt: Optional[str] = None,
        external_fast_roaming: Optional[str] = None,
        external_logout: Optional[str] = None,
        external_web: Optional[str] = None,
        external_web_format: Optional[str] = None,
        fast_bss_transition: Optional[str] = None,
        fast_roaming: Optional[str] = None,
        ft_mobility_domain: Optional[int] = None,
        ft_over_ds: Optional[str] = None,
        ft_r0_key_lifetime: Optional[int] = None,
        gas_comeback_delay: Optional[int] = None,
        gas_fragmentation_limit: Optional[int] = None,
        get_all_tables: Optional[str] = None,
        gtk_rekey: Optional[str] = None,
        gtk_rekey_intv: Optional[int] = None,
        high_efficiency: Optional[str] = None,
        hotspot20_profile: Optional[str] = None,
        igmp_snooping: Optional[str] = None,
        intra_vap_privacy: Optional[str] = None,
        ip: Optional[str] = None,
        ips_sensor: Optional[str] = None,
        ipv6_rules: Optional[str] = None,
        key: Optional[str] = None,
        keyindex: Optional[int] = None,
        l3_roaming: Optional[str] = None,
        l3_roaming_mode: Optional[str] = None,
        ldpc: Optional[str] = None,
        local_authentication: Optional[str] = None,
        local_bridging: Optional[str] = None,
        local_lan: Optional[str] = None,
        local_standalone: Optional[str] = None,
        local_standalone_dns: Optional[str] = None,
        local_standalone_dns_ip: Optional[str] = None,
        local_standalone_nat: Optional[str] = None,
        mac_auth_bypass: Optional[str] = None,
        mac_called_station_delimiter: Optional[str] = None,
        mac_calling_station_delimiter: Optional[str] = None,
        mac_case: Optional[str] = None,
        mac_filter: Optional[str] = None,
        mac_filter_lists: Optional[Sequence[VapMacFilterListArgs]] = None,
        mac_filter_policy_other: Optional[str] = None,
        mac_password_delimiter: Optional[str] = None,
        mac_username_delimiter: Optional[str] = None,
        max_clients: Optional[int] = None,
        max_clients_ap: Optional[int] = None,
        mbo: Optional[str] = None,
        mbo_cell_data_conn_pref: Optional[str] = None,
        me_disable_thresh: Optional[int] = None,
        mesh_backhaul: Optional[str] = None,
        mpsk: Optional[str] = None,
        mpsk_concurrent_clients: Optional[int] = None,
        mpsk_keys: Optional[Sequence[VapMpskKeyArgs]] = None,
        mpsk_profile: Optional[str] = None,
        mu_mimo: Optional[str] = None,
        multicast_enhance: Optional[str] = None,
        multicast_rate: Optional[str] = None,
        n80211k: Optional[str] = None,
        n80211v: Optional[str] = None,
        nac: Optional[str] = None,
        nac_profile: Optional[str] = None,
        name: Optional[str] = None,
        nas_filter_rule: Optional[str] = None,
        neighbor_report_dual_band: Optional[str] = None,
        okc: Optional[str] = None,
        osen: Optional[str] = None,
        owe_groups: Optional[str] = None,
        owe_transition: Optional[str] = None,
        owe_transition_ssid: Optional[str] = None,
        passphrase: Optional[str] = None,
        pmf: Optional[str] = None,
        pmf_assoc_comeback_timeout: Optional[int] = None,
        pmf_sa_query_retry_timeout: Optional[int] = None,
        port_macauth: Optional[str] = None,
        port_macauth_reauth_timeout: Optional[int] = None,
        port_macauth_timeout: Optional[int] = None,
        portal_message_override_group: Optional[str] = None,
        portal_message_overrides: Optional[VapPortalMessageOverridesArgs] = None,
        portal_type: Optional[str] = None,
        primary_wag_profile: Optional[str] = None,
        probe_resp_suppression: Optional[str] = None,
        probe_resp_threshold: Optional[str] = None,
        ptk_rekey: Optional[str] = None,
        ptk_rekey_intv: Optional[int] = None,
        qos_profile: Optional[str] = None,
        quarantine: Optional[str] = None,
        radio2g_threshold: Optional[str] = None,
        radio5g_threshold: Optional[str] = None,
        radio_sensitivity: Optional[str] = None,
        radius_mac_auth: Optional[str] = None,
        radius_mac_auth_block_interval: Optional[int] = None,
        radius_mac_auth_server: Optional[str] = None,
        radius_mac_auth_usergroups: Optional[Sequence[VapRadiusMacAuthUsergroupArgs]] = None,
        radius_mac_mpsk_auth: Optional[str] = None,
        radius_mac_mpsk_timeout: Optional[int] = None,
        radius_server: Optional[str] = None,
        rates11a: Optional[str] = None,
        rates11ac_mcs_map: Optional[str] = None,
        rates11ac_ss12: Optional[str] = None,
        rates11ac_ss34: Optional[str] = None,
        rates11ax_mcs_map: Optional[str] = None,
        rates11ax_ss12: Optional[str] = None,
        rates11ax_ss34: Optional[str] = None,
        rates11be_mcs_map: Optional[str] = None,
        rates11be_mcs_map160: Optional[str] = None,
        rates11be_mcs_map320: Optional[str] = None,
        rates11bg: Optional[str] = None,
        rates11n_ss12: Optional[str] = None,
        rates11n_ss34: Optional[str] = None,
        roaming_acct_interim_update: Optional[str] = None,
        sae_groups: Optional[str] = None,
        sae_h2e_only: Optional[str] = None,
        sae_hnp_only: Optional[str] = None,
        sae_password: Optional[str] = None,
        sae_pk: Optional[str] = None,
        sae_private_key: Optional[str] = None,
        scan_botnet_connections: Optional[str] = None,
        schedule: Optional[str] = None,
        secondary_wag_profile: Optional[str] = None,
        security: Optional[str] = None,
        security_exempt_list: Optional[str] = None,
        security_obsolete_option: Optional[str] = None,
        security_redirect_url: Optional[str] = None,
        selected_usergroups: Optional[Sequence[VapSelectedUsergroupArgs]] = None,
        split_tunneling: Optional[str] = None,
        ssid: Optional[str] = None,
        sticky_client_remove: Optional[str] = None,
        sticky_client_threshold2g: Optional[str] = None,
        sticky_client_threshold5g: Optional[str] = None,
        sticky_client_threshold6g: Optional[str] = None,
        target_wake_time: Optional[str] = None,
        tkip_counter_measure: Optional[str] = None,
        tunnel_echo_interval: Optional[int] = None,
        tunnel_fallback_interval: Optional[int] = None,
        usergroups: Optional[Sequence[VapUsergroupArgs]] = None,
        utm_log: Optional[str] = None,
        utm_profile: Optional[str] = None,
        utm_status: Optional[str] = None,
        vdomparam: Optional[str] = None,
        vlan_auto: Optional[str] = None,
        vlan_names: Optional[Sequence[VapVlanNameArgs]] = None,
        vlan_pooling: Optional[str] = None,
        vlan_pools: Optional[Sequence[VapVlanPoolArgs]] = None,
        vlanid: Optional[int] = None,
        voice_enterprise: Optional[str] = None,
        webfilter_profile: Optional[str] = None)func NewVap(ctx *Context, name string, args *VapArgs, opts ...ResourceOption) (*Vap, error)public Vap(string name, VapArgs? args = null, CustomResourceOptions? opts = null)type: fortios:wirelesscontroller:Vap
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args VapArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VapArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VapArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VapArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VapArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var vapResource = new Fortios.Wirelesscontroller.Vap("vapResource", new()
{
    AccessControlList = "string",
    AcctInterimInterval = 0,
    AdditionalAkms = "string",
    AddressGroup = "string",
    AddressGroupPolicy = "string",
    Akm24Only = "string",
    Alias = "string",
    AntivirusProfile = "string",
    ApplicationDetectionEngine = "string",
    ApplicationDscpMarking = "string",
    ApplicationList = "string",
    ApplicationReportIntv = 0,
    AtfWeight = 0,
    Auth = "string",
    AuthCert = "string",
    AuthPortalAddr = "string",
    BeaconAdvertising = "string",
    BeaconProtection = "string",
    BroadcastSsid = "string",
    BroadcastSuppression = "string",
    BssColorPartial = "string",
    BstmDisassociationImminent = "string",
    BstmLoadBalancingDisassocTimer = 0,
    BstmRssiDisassocTimer = 0,
    CaptivePortal = "string",
    CaptivePortalAcName = "string",
    CaptivePortalAuthTimeout = 0,
    CaptivePortalFwAccounting = "string",
    CaptivePortalMacauthRadiusSecret = "string",
    CaptivePortalMacauthRadiusServer = "string",
    CaptivePortalRadiusSecret = "string",
    CaptivePortalRadiusServer = "string",
    CaptivePortalSessionTimeoutInterval = 0,
    DhcpAddressEnforcement = "string",
    DhcpLeaseTime = 0,
    DhcpOption43Insertion = "string",
    DhcpOption82CircuitIdInsertion = "string",
    DhcpOption82Insertion = "string",
    DhcpOption82RemoteIdInsertion = "string",
    DynamicSortSubtable = "string",
    DynamicVlan = "string",
    EapReauth = "string",
    EapReauthIntv = 0,
    EapolKeyRetries = "string",
    Encrypt = "string",
    ExternalFastRoaming = "string",
    ExternalLogout = "string",
    ExternalWeb = "string",
    ExternalWebFormat = "string",
    FastBssTransition = "string",
    FastRoaming = "string",
    FtMobilityDomain = 0,
    FtOverDs = "string",
    FtR0KeyLifetime = 0,
    GasComebackDelay = 0,
    GasFragmentationLimit = 0,
    GetAllTables = "string",
    GtkRekey = "string",
    GtkRekeyIntv = 0,
    HighEfficiency = "string",
    Hotspot20Profile = "string",
    IgmpSnooping = "string",
    IntraVapPrivacy = "string",
    Ip = "string",
    IpsSensor = "string",
    Ipv6Rules = "string",
    Key = "string",
    Keyindex = 0,
    L3Roaming = "string",
    L3RoamingMode = "string",
    Ldpc = "string",
    LocalAuthentication = "string",
    LocalBridging = "string",
    LocalLan = "string",
    LocalStandalone = "string",
    LocalStandaloneDns = "string",
    LocalStandaloneDnsIp = "string",
    LocalStandaloneNat = "string",
    MacAuthBypass = "string",
    MacCalledStationDelimiter = "string",
    MacCallingStationDelimiter = "string",
    MacCase = "string",
    MacFilter = "string",
    MacFilterLists = new[]
    {
        new Fortios.Wirelesscontroller.Inputs.VapMacFilterListArgs
        {
            Id = 0,
            Mac = "string",
            MacFilterPolicy = "string",
        },
    },
    MacFilterPolicyOther = "string",
    MacPasswordDelimiter = "string",
    MacUsernameDelimiter = "string",
    MaxClients = 0,
    MaxClientsAp = 0,
    Mbo = "string",
    MboCellDataConnPref = "string",
    MeDisableThresh = 0,
    MeshBackhaul = "string",
    Mpsk = "string",
    MpskConcurrentClients = 0,
    MpskKeys = new[]
    {
        new Fortios.Wirelesscontroller.Inputs.VapMpskKeyArgs
        {
            Comment = "string",
            ConcurrentClients = "string",
            KeyName = "string",
            MpskSchedules = new[]
            {
                new Fortios.Wirelesscontroller.Inputs.VapMpskKeyMpskScheduleArgs
                {
                    Name = "string",
                },
            },
            Passphrase = "string",
        },
    },
    MpskProfile = "string",
    MuMimo = "string",
    MulticastEnhance = "string",
    MulticastRate = "string",
    N80211k = "string",
    N80211v = "string",
    Nac = "string",
    NacProfile = "string",
    Name = "string",
    NasFilterRule = "string",
    NeighborReportDualBand = "string",
    Okc = "string",
    Osen = "string",
    OweGroups = "string",
    OweTransition = "string",
    OweTransitionSsid = "string",
    Passphrase = "string",
    Pmf = "string",
    PmfAssocComebackTimeout = 0,
    PmfSaQueryRetryTimeout = 0,
    PortMacauth = "string",
    PortMacauthReauthTimeout = 0,
    PortMacauthTimeout = 0,
    PortalMessageOverrideGroup = "string",
    PortalMessageOverrides = new Fortios.Wirelesscontroller.Inputs.VapPortalMessageOverridesArgs
    {
        AuthDisclaimerPage = "string",
        AuthLoginFailedPage = "string",
        AuthLoginPage = "string",
        AuthRejectPage = "string",
    },
    PortalType = "string",
    PrimaryWagProfile = "string",
    ProbeRespSuppression = "string",
    ProbeRespThreshold = "string",
    PtkRekey = "string",
    PtkRekeyIntv = 0,
    QosProfile = "string",
    Quarantine = "string",
    Radio2gThreshold = "string",
    Radio5gThreshold = "string",
    RadioSensitivity = "string",
    RadiusMacAuth = "string",
    RadiusMacAuthBlockInterval = 0,
    RadiusMacAuthServer = "string",
    RadiusMacAuthUsergroups = new[]
    {
        new Fortios.Wirelesscontroller.Inputs.VapRadiusMacAuthUsergroupArgs
        {
            Name = "string",
        },
    },
    RadiusMacMpskAuth = "string",
    RadiusMacMpskTimeout = 0,
    RadiusServer = "string",
    Rates11a = "string",
    Rates11acMcsMap = "string",
    Rates11acSs12 = "string",
    Rates11acSs34 = "string",
    Rates11axMcsMap = "string",
    Rates11axSs12 = "string",
    Rates11axSs34 = "string",
    Rates11beMcsMap = "string",
    Rates11beMcsMap160 = "string",
    Rates11beMcsMap320 = "string",
    Rates11bg = "string",
    Rates11nSs12 = "string",
    Rates11nSs34 = "string",
    RoamingAcctInterimUpdate = "string",
    SaeGroups = "string",
    SaeH2eOnly = "string",
    SaeHnpOnly = "string",
    SaePassword = "string",
    SaePk = "string",
    SaePrivateKey = "string",
    ScanBotnetConnections = "string",
    Schedule = "string",
    SecondaryWagProfile = "string",
    Security = "string",
    SecurityExemptList = "string",
    SecurityObsoleteOption = "string",
    SecurityRedirectUrl = "string",
    SelectedUsergroups = new[]
    {
        new Fortios.Wirelesscontroller.Inputs.VapSelectedUsergroupArgs
        {
            Name = "string",
        },
    },
    SplitTunneling = "string",
    Ssid = "string",
    StickyClientRemove = "string",
    StickyClientThreshold2g = "string",
    StickyClientThreshold5g = "string",
    StickyClientThreshold6g = "string",
    TargetWakeTime = "string",
    TkipCounterMeasure = "string",
    TunnelEchoInterval = 0,
    TunnelFallbackInterval = 0,
    Usergroups = new[]
    {
        new Fortios.Wirelesscontroller.Inputs.VapUsergroupArgs
        {
            Name = "string",
        },
    },
    UtmLog = "string",
    UtmProfile = "string",
    UtmStatus = "string",
    Vdomparam = "string",
    VlanAuto = "string",
    VlanNames = new[]
    {
        new Fortios.Wirelesscontroller.Inputs.VapVlanNameArgs
        {
            Name = "string",
            VlanId = 0,
        },
    },
    VlanPooling = "string",
    VlanPools = new[]
    {
        new Fortios.Wirelesscontroller.Inputs.VapVlanPoolArgs
        {
            Id = 0,
            WtpGroup = "string",
        },
    },
    Vlanid = 0,
    VoiceEnterprise = "string",
    WebfilterProfile = "string",
});
example, err := wirelesscontroller.NewVap(ctx, "vapResource", &wirelesscontroller.VapArgs{
	AccessControlList:                   pulumi.String("string"),
	AcctInterimInterval:                 pulumi.Int(0),
	AdditionalAkms:                      pulumi.String("string"),
	AddressGroup:                        pulumi.String("string"),
	AddressGroupPolicy:                  pulumi.String("string"),
	Akm24Only:                           pulumi.String("string"),
	Alias:                               pulumi.String("string"),
	AntivirusProfile:                    pulumi.String("string"),
	ApplicationDetectionEngine:          pulumi.String("string"),
	ApplicationDscpMarking:              pulumi.String("string"),
	ApplicationList:                     pulumi.String("string"),
	ApplicationReportIntv:               pulumi.Int(0),
	AtfWeight:                           pulumi.Int(0),
	Auth:                                pulumi.String("string"),
	AuthCert:                            pulumi.String("string"),
	AuthPortalAddr:                      pulumi.String("string"),
	BeaconAdvertising:                   pulumi.String("string"),
	BeaconProtection:                    pulumi.String("string"),
	BroadcastSsid:                       pulumi.String("string"),
	BroadcastSuppression:                pulumi.String("string"),
	BssColorPartial:                     pulumi.String("string"),
	BstmDisassociationImminent:          pulumi.String("string"),
	BstmLoadBalancingDisassocTimer:      pulumi.Int(0),
	BstmRssiDisassocTimer:               pulumi.Int(0),
	CaptivePortal:                       pulumi.String("string"),
	CaptivePortalAcName:                 pulumi.String("string"),
	CaptivePortalAuthTimeout:            pulumi.Int(0),
	CaptivePortalFwAccounting:           pulumi.String("string"),
	CaptivePortalMacauthRadiusSecret:    pulumi.String("string"),
	CaptivePortalMacauthRadiusServer:    pulumi.String("string"),
	CaptivePortalRadiusSecret:           pulumi.String("string"),
	CaptivePortalRadiusServer:           pulumi.String("string"),
	CaptivePortalSessionTimeoutInterval: pulumi.Int(0),
	DhcpAddressEnforcement:              pulumi.String("string"),
	DhcpLeaseTime:                       pulumi.Int(0),
	DhcpOption43Insertion:               pulumi.String("string"),
	DhcpOption82CircuitIdInsertion:      pulumi.String("string"),
	DhcpOption82Insertion:               pulumi.String("string"),
	DhcpOption82RemoteIdInsertion:       pulumi.String("string"),
	DynamicSortSubtable:                 pulumi.String("string"),
	DynamicVlan:                         pulumi.String("string"),
	EapReauth:                           pulumi.String("string"),
	EapReauthIntv:                       pulumi.Int(0),
	EapolKeyRetries:                     pulumi.String("string"),
	Encrypt:                             pulumi.String("string"),
	ExternalFastRoaming:                 pulumi.String("string"),
	ExternalLogout:                      pulumi.String("string"),
	ExternalWeb:                         pulumi.String("string"),
	ExternalWebFormat:                   pulumi.String("string"),
	FastBssTransition:                   pulumi.String("string"),
	FastRoaming:                         pulumi.String("string"),
	FtMobilityDomain:                    pulumi.Int(0),
	FtOverDs:                            pulumi.String("string"),
	FtR0KeyLifetime:                     pulumi.Int(0),
	GasComebackDelay:                    pulumi.Int(0),
	GasFragmentationLimit:               pulumi.Int(0),
	GetAllTables:                        pulumi.String("string"),
	GtkRekey:                            pulumi.String("string"),
	GtkRekeyIntv:                        pulumi.Int(0),
	HighEfficiency:                      pulumi.String("string"),
	Hotspot20Profile:                    pulumi.String("string"),
	IgmpSnooping:                        pulumi.String("string"),
	IntraVapPrivacy:                     pulumi.String("string"),
	Ip:                                  pulumi.String("string"),
	IpsSensor:                           pulumi.String("string"),
	Ipv6Rules:                           pulumi.String("string"),
	Key:                                 pulumi.String("string"),
	Keyindex:                            pulumi.Int(0),
	L3Roaming:                           pulumi.String("string"),
	L3RoamingMode:                       pulumi.String("string"),
	Ldpc:                                pulumi.String("string"),
	LocalAuthentication:                 pulumi.String("string"),
	LocalBridging:                       pulumi.String("string"),
	LocalLan:                            pulumi.String("string"),
	LocalStandalone:                     pulumi.String("string"),
	LocalStandaloneDns:                  pulumi.String("string"),
	LocalStandaloneDnsIp:                pulumi.String("string"),
	LocalStandaloneNat:                  pulumi.String("string"),
	MacAuthBypass:                       pulumi.String("string"),
	MacCalledStationDelimiter:           pulumi.String("string"),
	MacCallingStationDelimiter:          pulumi.String("string"),
	MacCase:                             pulumi.String("string"),
	MacFilter:                           pulumi.String("string"),
	MacFilterLists: wirelesscontroller.VapMacFilterListArray{
		&wirelesscontroller.VapMacFilterListArgs{
			Id:              pulumi.Int(0),
			Mac:             pulumi.String("string"),
			MacFilterPolicy: pulumi.String("string"),
		},
	},
	MacFilterPolicyOther:  pulumi.String("string"),
	MacPasswordDelimiter:  pulumi.String("string"),
	MacUsernameDelimiter:  pulumi.String("string"),
	MaxClients:            pulumi.Int(0),
	MaxClientsAp:          pulumi.Int(0),
	Mbo:                   pulumi.String("string"),
	MboCellDataConnPref:   pulumi.String("string"),
	MeDisableThresh:       pulumi.Int(0),
	MeshBackhaul:          pulumi.String("string"),
	Mpsk:                  pulumi.String("string"),
	MpskConcurrentClients: pulumi.Int(0),
	MpskKeys: wirelesscontroller.VapMpskKeyArray{
		&wirelesscontroller.VapMpskKeyArgs{
			Comment:           pulumi.String("string"),
			ConcurrentClients: pulumi.String("string"),
			KeyName:           pulumi.String("string"),
			MpskSchedules: wirelesscontroller.VapMpskKeyMpskScheduleArray{
				&wirelesscontroller.VapMpskKeyMpskScheduleArgs{
					Name: pulumi.String("string"),
				},
			},
			Passphrase: pulumi.String("string"),
		},
	},
	MpskProfile:                pulumi.String("string"),
	MuMimo:                     pulumi.String("string"),
	MulticastEnhance:           pulumi.String("string"),
	MulticastRate:              pulumi.String("string"),
	N80211k:                    pulumi.String("string"),
	N80211v:                    pulumi.String("string"),
	Nac:                        pulumi.String("string"),
	NacProfile:                 pulumi.String("string"),
	Name:                       pulumi.String("string"),
	NasFilterRule:              pulumi.String("string"),
	NeighborReportDualBand:     pulumi.String("string"),
	Okc:                        pulumi.String("string"),
	Osen:                       pulumi.String("string"),
	OweGroups:                  pulumi.String("string"),
	OweTransition:              pulumi.String("string"),
	OweTransitionSsid:          pulumi.String("string"),
	Passphrase:                 pulumi.String("string"),
	Pmf:                        pulumi.String("string"),
	PmfAssocComebackTimeout:    pulumi.Int(0),
	PmfSaQueryRetryTimeout:     pulumi.Int(0),
	PortMacauth:                pulumi.String("string"),
	PortMacauthReauthTimeout:   pulumi.Int(0),
	PortMacauthTimeout:         pulumi.Int(0),
	PortalMessageOverrideGroup: pulumi.String("string"),
	PortalMessageOverrides: &wirelesscontroller.VapPortalMessageOverridesArgs{
		AuthDisclaimerPage:  pulumi.String("string"),
		AuthLoginFailedPage: pulumi.String("string"),
		AuthLoginPage:       pulumi.String("string"),
		AuthRejectPage:      pulumi.String("string"),
	},
	PortalType:                 pulumi.String("string"),
	PrimaryWagProfile:          pulumi.String("string"),
	ProbeRespSuppression:       pulumi.String("string"),
	ProbeRespThreshold:         pulumi.String("string"),
	PtkRekey:                   pulumi.String("string"),
	PtkRekeyIntv:               pulumi.Int(0),
	QosProfile:                 pulumi.String("string"),
	Quarantine:                 pulumi.String("string"),
	Radio2gThreshold:           pulumi.String("string"),
	Radio5gThreshold:           pulumi.String("string"),
	RadioSensitivity:           pulumi.String("string"),
	RadiusMacAuth:              pulumi.String("string"),
	RadiusMacAuthBlockInterval: pulumi.Int(0),
	RadiusMacAuthServer:        pulumi.String("string"),
	RadiusMacAuthUsergroups: wirelesscontroller.VapRadiusMacAuthUsergroupArray{
		&wirelesscontroller.VapRadiusMacAuthUsergroupArgs{
			Name: pulumi.String("string"),
		},
	},
	RadiusMacMpskAuth:        pulumi.String("string"),
	RadiusMacMpskTimeout:     pulumi.Int(0),
	RadiusServer:             pulumi.String("string"),
	Rates11a:                 pulumi.String("string"),
	Rates11acMcsMap:          pulumi.String("string"),
	Rates11acSs12:            pulumi.String("string"),
	Rates11acSs34:            pulumi.String("string"),
	Rates11axMcsMap:          pulumi.String("string"),
	Rates11axSs12:            pulumi.String("string"),
	Rates11axSs34:            pulumi.String("string"),
	Rates11beMcsMap:          pulumi.String("string"),
	Rates11beMcsMap160:       pulumi.String("string"),
	Rates11beMcsMap320:       pulumi.String("string"),
	Rates11bg:                pulumi.String("string"),
	Rates11nSs12:             pulumi.String("string"),
	Rates11nSs34:             pulumi.String("string"),
	RoamingAcctInterimUpdate: pulumi.String("string"),
	SaeGroups:                pulumi.String("string"),
	SaeH2eOnly:               pulumi.String("string"),
	SaeHnpOnly:               pulumi.String("string"),
	SaePassword:              pulumi.String("string"),
	SaePk:                    pulumi.String("string"),
	SaePrivateKey:            pulumi.String("string"),
	ScanBotnetConnections:    pulumi.String("string"),
	Schedule:                 pulumi.String("string"),
	SecondaryWagProfile:      pulumi.String("string"),
	Security:                 pulumi.String("string"),
	SecurityExemptList:       pulumi.String("string"),
	SecurityObsoleteOption:   pulumi.String("string"),
	SecurityRedirectUrl:      pulumi.String("string"),
	SelectedUsergroups: wirelesscontroller.VapSelectedUsergroupArray{
		&wirelesscontroller.VapSelectedUsergroupArgs{
			Name: pulumi.String("string"),
		},
	},
	SplitTunneling:          pulumi.String("string"),
	Ssid:                    pulumi.String("string"),
	StickyClientRemove:      pulumi.String("string"),
	StickyClientThreshold2g: pulumi.String("string"),
	StickyClientThreshold5g: pulumi.String("string"),
	StickyClientThreshold6g: pulumi.String("string"),
	TargetWakeTime:          pulumi.String("string"),
	TkipCounterMeasure:      pulumi.String("string"),
	TunnelEchoInterval:      pulumi.Int(0),
	TunnelFallbackInterval:  pulumi.Int(0),
	Usergroups: wirelesscontroller.VapUsergroupArray{
		&wirelesscontroller.VapUsergroupArgs{
			Name: pulumi.String("string"),
		},
	},
	UtmLog:     pulumi.String("string"),
	UtmProfile: pulumi.String("string"),
	UtmStatus:  pulumi.String("string"),
	Vdomparam:  pulumi.String("string"),
	VlanAuto:   pulumi.String("string"),
	VlanNames: wirelesscontroller.VapVlanNameArray{
		&wirelesscontroller.VapVlanNameArgs{
			Name:   pulumi.String("string"),
			VlanId: pulumi.Int(0),
		},
	},
	VlanPooling: pulumi.String("string"),
	VlanPools: wirelesscontroller.VapVlanPoolArray{
		&wirelesscontroller.VapVlanPoolArgs{
			Id:       pulumi.Int(0),
			WtpGroup: pulumi.String("string"),
		},
	},
	Vlanid:           pulumi.Int(0),
	VoiceEnterprise:  pulumi.String("string"),
	WebfilterProfile: pulumi.String("string"),
})
var vapResource = new Vap("vapResource", VapArgs.builder()
    .accessControlList("string")
    .acctInterimInterval(0)
    .additionalAkms("string")
    .addressGroup("string")
    .addressGroupPolicy("string")
    .akm24Only("string")
    .alias("string")
    .antivirusProfile("string")
    .applicationDetectionEngine("string")
    .applicationDscpMarking("string")
    .applicationList("string")
    .applicationReportIntv(0)
    .atfWeight(0)
    .auth("string")
    .authCert("string")
    .authPortalAddr("string")
    .beaconAdvertising("string")
    .beaconProtection("string")
    .broadcastSsid("string")
    .broadcastSuppression("string")
    .bssColorPartial("string")
    .bstmDisassociationImminent("string")
    .bstmLoadBalancingDisassocTimer(0)
    .bstmRssiDisassocTimer(0)
    .captivePortal("string")
    .captivePortalAcName("string")
    .captivePortalAuthTimeout(0)
    .captivePortalFwAccounting("string")
    .captivePortalMacauthRadiusSecret("string")
    .captivePortalMacauthRadiusServer("string")
    .captivePortalRadiusSecret("string")
    .captivePortalRadiusServer("string")
    .captivePortalSessionTimeoutInterval(0)
    .dhcpAddressEnforcement("string")
    .dhcpLeaseTime(0)
    .dhcpOption43Insertion("string")
    .dhcpOption82CircuitIdInsertion("string")
    .dhcpOption82Insertion("string")
    .dhcpOption82RemoteIdInsertion("string")
    .dynamicSortSubtable("string")
    .dynamicVlan("string")
    .eapReauth("string")
    .eapReauthIntv(0)
    .eapolKeyRetries("string")
    .encrypt("string")
    .externalFastRoaming("string")
    .externalLogout("string")
    .externalWeb("string")
    .externalWebFormat("string")
    .fastBssTransition("string")
    .fastRoaming("string")
    .ftMobilityDomain(0)
    .ftOverDs("string")
    .ftR0KeyLifetime(0)
    .gasComebackDelay(0)
    .gasFragmentationLimit(0)
    .getAllTables("string")
    .gtkRekey("string")
    .gtkRekeyIntv(0)
    .highEfficiency("string")
    .hotspot20Profile("string")
    .igmpSnooping("string")
    .intraVapPrivacy("string")
    .ip("string")
    .ipsSensor("string")
    .ipv6Rules("string")
    .key("string")
    .keyindex(0)
    .l3Roaming("string")
    .l3RoamingMode("string")
    .ldpc("string")
    .localAuthentication("string")
    .localBridging("string")
    .localLan("string")
    .localStandalone("string")
    .localStandaloneDns("string")
    .localStandaloneDnsIp("string")
    .localStandaloneNat("string")
    .macAuthBypass("string")
    .macCalledStationDelimiter("string")
    .macCallingStationDelimiter("string")
    .macCase("string")
    .macFilter("string")
    .macFilterLists(VapMacFilterListArgs.builder()
        .id(0)
        .mac("string")
        .macFilterPolicy("string")
        .build())
    .macFilterPolicyOther("string")
    .macPasswordDelimiter("string")
    .macUsernameDelimiter("string")
    .maxClients(0)
    .maxClientsAp(0)
    .mbo("string")
    .mboCellDataConnPref("string")
    .meDisableThresh(0)
    .meshBackhaul("string")
    .mpsk("string")
    .mpskConcurrentClients(0)
    .mpskKeys(VapMpskKeyArgs.builder()
        .comment("string")
        .concurrentClients("string")
        .keyName("string")
        .mpskSchedules(VapMpskKeyMpskScheduleArgs.builder()
            .name("string")
            .build())
        .passphrase("string")
        .build())
    .mpskProfile("string")
    .muMimo("string")
    .multicastEnhance("string")
    .multicastRate("string")
    .n80211k("string")
    .n80211v("string")
    .nac("string")
    .nacProfile("string")
    .name("string")
    .nasFilterRule("string")
    .neighborReportDualBand("string")
    .okc("string")
    .osen("string")
    .oweGroups("string")
    .oweTransition("string")
    .oweTransitionSsid("string")
    .passphrase("string")
    .pmf("string")
    .pmfAssocComebackTimeout(0)
    .pmfSaQueryRetryTimeout(0)
    .portMacauth("string")
    .portMacauthReauthTimeout(0)
    .portMacauthTimeout(0)
    .portalMessageOverrideGroup("string")
    .portalMessageOverrides(VapPortalMessageOverridesArgs.builder()
        .authDisclaimerPage("string")
        .authLoginFailedPage("string")
        .authLoginPage("string")
        .authRejectPage("string")
        .build())
    .portalType("string")
    .primaryWagProfile("string")
    .probeRespSuppression("string")
    .probeRespThreshold("string")
    .ptkRekey("string")
    .ptkRekeyIntv(0)
    .qosProfile("string")
    .quarantine("string")
    .radio2gThreshold("string")
    .radio5gThreshold("string")
    .radioSensitivity("string")
    .radiusMacAuth("string")
    .radiusMacAuthBlockInterval(0)
    .radiusMacAuthServer("string")
    .radiusMacAuthUsergroups(VapRadiusMacAuthUsergroupArgs.builder()
        .name("string")
        .build())
    .radiusMacMpskAuth("string")
    .radiusMacMpskTimeout(0)
    .radiusServer("string")
    .rates11a("string")
    .rates11acMcsMap("string")
    .rates11acSs12("string")
    .rates11acSs34("string")
    .rates11axMcsMap("string")
    .rates11axSs12("string")
    .rates11axSs34("string")
    .rates11beMcsMap("string")
    .rates11beMcsMap160("string")
    .rates11beMcsMap320("string")
    .rates11bg("string")
    .rates11nSs12("string")
    .rates11nSs34("string")
    .roamingAcctInterimUpdate("string")
    .saeGroups("string")
    .saeH2eOnly("string")
    .saeHnpOnly("string")
    .saePassword("string")
    .saePk("string")
    .saePrivateKey("string")
    .scanBotnetConnections("string")
    .schedule("string")
    .secondaryWagProfile("string")
    .security("string")
    .securityExemptList("string")
    .securityObsoleteOption("string")
    .securityRedirectUrl("string")
    .selectedUsergroups(VapSelectedUsergroupArgs.builder()
        .name("string")
        .build())
    .splitTunneling("string")
    .ssid("string")
    .stickyClientRemove("string")
    .stickyClientThreshold2g("string")
    .stickyClientThreshold5g("string")
    .stickyClientThreshold6g("string")
    .targetWakeTime("string")
    .tkipCounterMeasure("string")
    .tunnelEchoInterval(0)
    .tunnelFallbackInterval(0)
    .usergroups(VapUsergroupArgs.builder()
        .name("string")
        .build())
    .utmLog("string")
    .utmProfile("string")
    .utmStatus("string")
    .vdomparam("string")
    .vlanAuto("string")
    .vlanNames(VapVlanNameArgs.builder()
        .name("string")
        .vlanId(0)
        .build())
    .vlanPooling("string")
    .vlanPools(VapVlanPoolArgs.builder()
        .id(0)
        .wtpGroup("string")
        .build())
    .vlanid(0)
    .voiceEnterprise("string")
    .webfilterProfile("string")
    .build());
vap_resource = fortios.wirelesscontroller.Vap("vapResource",
    access_control_list="string",
    acct_interim_interval=0,
    additional_akms="string",
    address_group="string",
    address_group_policy="string",
    akm24_only="string",
    alias="string",
    antivirus_profile="string",
    application_detection_engine="string",
    application_dscp_marking="string",
    application_list="string",
    application_report_intv=0,
    atf_weight=0,
    auth="string",
    auth_cert="string",
    auth_portal_addr="string",
    beacon_advertising="string",
    beacon_protection="string",
    broadcast_ssid="string",
    broadcast_suppression="string",
    bss_color_partial="string",
    bstm_disassociation_imminent="string",
    bstm_load_balancing_disassoc_timer=0,
    bstm_rssi_disassoc_timer=0,
    captive_portal="string",
    captive_portal_ac_name="string",
    captive_portal_auth_timeout=0,
    captive_portal_fw_accounting="string",
    captive_portal_macauth_radius_secret="string",
    captive_portal_macauth_radius_server="string",
    captive_portal_radius_secret="string",
    captive_portal_radius_server="string",
    captive_portal_session_timeout_interval=0,
    dhcp_address_enforcement="string",
    dhcp_lease_time=0,
    dhcp_option43_insertion="string",
    dhcp_option82_circuit_id_insertion="string",
    dhcp_option82_insertion="string",
    dhcp_option82_remote_id_insertion="string",
    dynamic_sort_subtable="string",
    dynamic_vlan="string",
    eap_reauth="string",
    eap_reauth_intv=0,
    eapol_key_retries="string",
    encrypt="string",
    external_fast_roaming="string",
    external_logout="string",
    external_web="string",
    external_web_format="string",
    fast_bss_transition="string",
    fast_roaming="string",
    ft_mobility_domain=0,
    ft_over_ds="string",
    ft_r0_key_lifetime=0,
    gas_comeback_delay=0,
    gas_fragmentation_limit=0,
    get_all_tables="string",
    gtk_rekey="string",
    gtk_rekey_intv=0,
    high_efficiency="string",
    hotspot20_profile="string",
    igmp_snooping="string",
    intra_vap_privacy="string",
    ip="string",
    ips_sensor="string",
    ipv6_rules="string",
    key="string",
    keyindex=0,
    l3_roaming="string",
    l3_roaming_mode="string",
    ldpc="string",
    local_authentication="string",
    local_bridging="string",
    local_lan="string",
    local_standalone="string",
    local_standalone_dns="string",
    local_standalone_dns_ip="string",
    local_standalone_nat="string",
    mac_auth_bypass="string",
    mac_called_station_delimiter="string",
    mac_calling_station_delimiter="string",
    mac_case="string",
    mac_filter="string",
    mac_filter_lists=[{
        "id": 0,
        "mac": "string",
        "mac_filter_policy": "string",
    }],
    mac_filter_policy_other="string",
    mac_password_delimiter="string",
    mac_username_delimiter="string",
    max_clients=0,
    max_clients_ap=0,
    mbo="string",
    mbo_cell_data_conn_pref="string",
    me_disable_thresh=0,
    mesh_backhaul="string",
    mpsk="string",
    mpsk_concurrent_clients=0,
    mpsk_keys=[{
        "comment": "string",
        "concurrent_clients": "string",
        "key_name": "string",
        "mpsk_schedules": [{
            "name": "string",
        }],
        "passphrase": "string",
    }],
    mpsk_profile="string",
    mu_mimo="string",
    multicast_enhance="string",
    multicast_rate="string",
    n80211k="string",
    n80211v="string",
    nac="string",
    nac_profile="string",
    name="string",
    nas_filter_rule="string",
    neighbor_report_dual_band="string",
    okc="string",
    osen="string",
    owe_groups="string",
    owe_transition="string",
    owe_transition_ssid="string",
    passphrase="string",
    pmf="string",
    pmf_assoc_comeback_timeout=0,
    pmf_sa_query_retry_timeout=0,
    port_macauth="string",
    port_macauth_reauth_timeout=0,
    port_macauth_timeout=0,
    portal_message_override_group="string",
    portal_message_overrides={
        "auth_disclaimer_page": "string",
        "auth_login_failed_page": "string",
        "auth_login_page": "string",
        "auth_reject_page": "string",
    },
    portal_type="string",
    primary_wag_profile="string",
    probe_resp_suppression="string",
    probe_resp_threshold="string",
    ptk_rekey="string",
    ptk_rekey_intv=0,
    qos_profile="string",
    quarantine="string",
    radio2g_threshold="string",
    radio5g_threshold="string",
    radio_sensitivity="string",
    radius_mac_auth="string",
    radius_mac_auth_block_interval=0,
    radius_mac_auth_server="string",
    radius_mac_auth_usergroups=[{
        "name": "string",
    }],
    radius_mac_mpsk_auth="string",
    radius_mac_mpsk_timeout=0,
    radius_server="string",
    rates11a="string",
    rates11ac_mcs_map="string",
    rates11ac_ss12="string",
    rates11ac_ss34="string",
    rates11ax_mcs_map="string",
    rates11ax_ss12="string",
    rates11ax_ss34="string",
    rates11be_mcs_map="string",
    rates11be_mcs_map160="string",
    rates11be_mcs_map320="string",
    rates11bg="string",
    rates11n_ss12="string",
    rates11n_ss34="string",
    roaming_acct_interim_update="string",
    sae_groups="string",
    sae_h2e_only="string",
    sae_hnp_only="string",
    sae_password="string",
    sae_pk="string",
    sae_private_key="string",
    scan_botnet_connections="string",
    schedule="string",
    secondary_wag_profile="string",
    security="string",
    security_exempt_list="string",
    security_obsolete_option="string",
    security_redirect_url="string",
    selected_usergroups=[{
        "name": "string",
    }],
    split_tunneling="string",
    ssid="string",
    sticky_client_remove="string",
    sticky_client_threshold2g="string",
    sticky_client_threshold5g="string",
    sticky_client_threshold6g="string",
    target_wake_time="string",
    tkip_counter_measure="string",
    tunnel_echo_interval=0,
    tunnel_fallback_interval=0,
    usergroups=[{
        "name": "string",
    }],
    utm_log="string",
    utm_profile="string",
    utm_status="string",
    vdomparam="string",
    vlan_auto="string",
    vlan_names=[{
        "name": "string",
        "vlan_id": 0,
    }],
    vlan_pooling="string",
    vlan_pools=[{
        "id": 0,
        "wtp_group": "string",
    }],
    vlanid=0,
    voice_enterprise="string",
    webfilter_profile="string")
const vapResource = new fortios.wirelesscontroller.Vap("vapResource", {
    accessControlList: "string",
    acctInterimInterval: 0,
    additionalAkms: "string",
    addressGroup: "string",
    addressGroupPolicy: "string",
    akm24Only: "string",
    alias: "string",
    antivirusProfile: "string",
    applicationDetectionEngine: "string",
    applicationDscpMarking: "string",
    applicationList: "string",
    applicationReportIntv: 0,
    atfWeight: 0,
    auth: "string",
    authCert: "string",
    authPortalAddr: "string",
    beaconAdvertising: "string",
    beaconProtection: "string",
    broadcastSsid: "string",
    broadcastSuppression: "string",
    bssColorPartial: "string",
    bstmDisassociationImminent: "string",
    bstmLoadBalancingDisassocTimer: 0,
    bstmRssiDisassocTimer: 0,
    captivePortal: "string",
    captivePortalAcName: "string",
    captivePortalAuthTimeout: 0,
    captivePortalFwAccounting: "string",
    captivePortalMacauthRadiusSecret: "string",
    captivePortalMacauthRadiusServer: "string",
    captivePortalRadiusSecret: "string",
    captivePortalRadiusServer: "string",
    captivePortalSessionTimeoutInterval: 0,
    dhcpAddressEnforcement: "string",
    dhcpLeaseTime: 0,
    dhcpOption43Insertion: "string",
    dhcpOption82CircuitIdInsertion: "string",
    dhcpOption82Insertion: "string",
    dhcpOption82RemoteIdInsertion: "string",
    dynamicSortSubtable: "string",
    dynamicVlan: "string",
    eapReauth: "string",
    eapReauthIntv: 0,
    eapolKeyRetries: "string",
    encrypt: "string",
    externalFastRoaming: "string",
    externalLogout: "string",
    externalWeb: "string",
    externalWebFormat: "string",
    fastBssTransition: "string",
    fastRoaming: "string",
    ftMobilityDomain: 0,
    ftOverDs: "string",
    ftR0KeyLifetime: 0,
    gasComebackDelay: 0,
    gasFragmentationLimit: 0,
    getAllTables: "string",
    gtkRekey: "string",
    gtkRekeyIntv: 0,
    highEfficiency: "string",
    hotspot20Profile: "string",
    igmpSnooping: "string",
    intraVapPrivacy: "string",
    ip: "string",
    ipsSensor: "string",
    ipv6Rules: "string",
    key: "string",
    keyindex: 0,
    l3Roaming: "string",
    l3RoamingMode: "string",
    ldpc: "string",
    localAuthentication: "string",
    localBridging: "string",
    localLan: "string",
    localStandalone: "string",
    localStandaloneDns: "string",
    localStandaloneDnsIp: "string",
    localStandaloneNat: "string",
    macAuthBypass: "string",
    macCalledStationDelimiter: "string",
    macCallingStationDelimiter: "string",
    macCase: "string",
    macFilter: "string",
    macFilterLists: [{
        id: 0,
        mac: "string",
        macFilterPolicy: "string",
    }],
    macFilterPolicyOther: "string",
    macPasswordDelimiter: "string",
    macUsernameDelimiter: "string",
    maxClients: 0,
    maxClientsAp: 0,
    mbo: "string",
    mboCellDataConnPref: "string",
    meDisableThresh: 0,
    meshBackhaul: "string",
    mpsk: "string",
    mpskConcurrentClients: 0,
    mpskKeys: [{
        comment: "string",
        concurrentClients: "string",
        keyName: "string",
        mpskSchedules: [{
            name: "string",
        }],
        passphrase: "string",
    }],
    mpskProfile: "string",
    muMimo: "string",
    multicastEnhance: "string",
    multicastRate: "string",
    n80211k: "string",
    n80211v: "string",
    nac: "string",
    nacProfile: "string",
    name: "string",
    nasFilterRule: "string",
    neighborReportDualBand: "string",
    okc: "string",
    osen: "string",
    oweGroups: "string",
    oweTransition: "string",
    oweTransitionSsid: "string",
    passphrase: "string",
    pmf: "string",
    pmfAssocComebackTimeout: 0,
    pmfSaQueryRetryTimeout: 0,
    portMacauth: "string",
    portMacauthReauthTimeout: 0,
    portMacauthTimeout: 0,
    portalMessageOverrideGroup: "string",
    portalMessageOverrides: {
        authDisclaimerPage: "string",
        authLoginFailedPage: "string",
        authLoginPage: "string",
        authRejectPage: "string",
    },
    portalType: "string",
    primaryWagProfile: "string",
    probeRespSuppression: "string",
    probeRespThreshold: "string",
    ptkRekey: "string",
    ptkRekeyIntv: 0,
    qosProfile: "string",
    quarantine: "string",
    radio2gThreshold: "string",
    radio5gThreshold: "string",
    radioSensitivity: "string",
    radiusMacAuth: "string",
    radiusMacAuthBlockInterval: 0,
    radiusMacAuthServer: "string",
    radiusMacAuthUsergroups: [{
        name: "string",
    }],
    radiusMacMpskAuth: "string",
    radiusMacMpskTimeout: 0,
    radiusServer: "string",
    rates11a: "string",
    rates11acMcsMap: "string",
    rates11acSs12: "string",
    rates11acSs34: "string",
    rates11axMcsMap: "string",
    rates11axSs12: "string",
    rates11axSs34: "string",
    rates11beMcsMap: "string",
    rates11beMcsMap160: "string",
    rates11beMcsMap320: "string",
    rates11bg: "string",
    rates11nSs12: "string",
    rates11nSs34: "string",
    roamingAcctInterimUpdate: "string",
    saeGroups: "string",
    saeH2eOnly: "string",
    saeHnpOnly: "string",
    saePassword: "string",
    saePk: "string",
    saePrivateKey: "string",
    scanBotnetConnections: "string",
    schedule: "string",
    secondaryWagProfile: "string",
    security: "string",
    securityExemptList: "string",
    securityObsoleteOption: "string",
    securityRedirectUrl: "string",
    selectedUsergroups: [{
        name: "string",
    }],
    splitTunneling: "string",
    ssid: "string",
    stickyClientRemove: "string",
    stickyClientThreshold2g: "string",
    stickyClientThreshold5g: "string",
    stickyClientThreshold6g: "string",
    targetWakeTime: "string",
    tkipCounterMeasure: "string",
    tunnelEchoInterval: 0,
    tunnelFallbackInterval: 0,
    usergroups: [{
        name: "string",
    }],
    utmLog: "string",
    utmProfile: "string",
    utmStatus: "string",
    vdomparam: "string",
    vlanAuto: "string",
    vlanNames: [{
        name: "string",
        vlanId: 0,
    }],
    vlanPooling: "string",
    vlanPools: [{
        id: 0,
        wtpGroup: "string",
    }],
    vlanid: 0,
    voiceEnterprise: "string",
    webfilterProfile: "string",
});
type: fortios:wirelesscontroller:Vap
properties:
    accessControlList: string
    acctInterimInterval: 0
    additionalAkms: string
    addressGroup: string
    addressGroupPolicy: string
    akm24Only: string
    alias: string
    antivirusProfile: string
    applicationDetectionEngine: string
    applicationDscpMarking: string
    applicationList: string
    applicationReportIntv: 0
    atfWeight: 0
    auth: string
    authCert: string
    authPortalAddr: string
    beaconAdvertising: string
    beaconProtection: string
    broadcastSsid: string
    broadcastSuppression: string
    bssColorPartial: string
    bstmDisassociationImminent: string
    bstmLoadBalancingDisassocTimer: 0
    bstmRssiDisassocTimer: 0
    captivePortal: string
    captivePortalAcName: string
    captivePortalAuthTimeout: 0
    captivePortalFwAccounting: string
    captivePortalMacauthRadiusSecret: string
    captivePortalMacauthRadiusServer: string
    captivePortalRadiusSecret: string
    captivePortalRadiusServer: string
    captivePortalSessionTimeoutInterval: 0
    dhcpAddressEnforcement: string
    dhcpLeaseTime: 0
    dhcpOption43Insertion: string
    dhcpOption82CircuitIdInsertion: string
    dhcpOption82Insertion: string
    dhcpOption82RemoteIdInsertion: string
    dynamicSortSubtable: string
    dynamicVlan: string
    eapReauth: string
    eapReauthIntv: 0
    eapolKeyRetries: string
    encrypt: string
    externalFastRoaming: string
    externalLogout: string
    externalWeb: string
    externalWebFormat: string
    fastBssTransition: string
    fastRoaming: string
    ftMobilityDomain: 0
    ftOverDs: string
    ftR0KeyLifetime: 0
    gasComebackDelay: 0
    gasFragmentationLimit: 0
    getAllTables: string
    gtkRekey: string
    gtkRekeyIntv: 0
    highEfficiency: string
    hotspot20Profile: string
    igmpSnooping: string
    intraVapPrivacy: string
    ip: string
    ipsSensor: string
    ipv6Rules: string
    key: string
    keyindex: 0
    l3Roaming: string
    l3RoamingMode: string
    ldpc: string
    localAuthentication: string
    localBridging: string
    localLan: string
    localStandalone: string
    localStandaloneDns: string
    localStandaloneDnsIp: string
    localStandaloneNat: string
    macAuthBypass: string
    macCalledStationDelimiter: string
    macCallingStationDelimiter: string
    macCase: string
    macFilter: string
    macFilterLists:
        - id: 0
          mac: string
          macFilterPolicy: string
    macFilterPolicyOther: string
    macPasswordDelimiter: string
    macUsernameDelimiter: string
    maxClients: 0
    maxClientsAp: 0
    mbo: string
    mboCellDataConnPref: string
    meDisableThresh: 0
    meshBackhaul: string
    mpsk: string
    mpskConcurrentClients: 0
    mpskKeys:
        - comment: string
          concurrentClients: string
          keyName: string
          mpskSchedules:
            - name: string
          passphrase: string
    mpskProfile: string
    muMimo: string
    multicastEnhance: string
    multicastRate: string
    n80211k: string
    n80211v: string
    nac: string
    nacProfile: string
    name: string
    nasFilterRule: string
    neighborReportDualBand: string
    okc: string
    osen: string
    oweGroups: string
    oweTransition: string
    oweTransitionSsid: string
    passphrase: string
    pmf: string
    pmfAssocComebackTimeout: 0
    pmfSaQueryRetryTimeout: 0
    portMacauth: string
    portMacauthReauthTimeout: 0
    portMacauthTimeout: 0
    portalMessageOverrideGroup: string
    portalMessageOverrides:
        authDisclaimerPage: string
        authLoginFailedPage: string
        authLoginPage: string
        authRejectPage: string
    portalType: string
    primaryWagProfile: string
    probeRespSuppression: string
    probeRespThreshold: string
    ptkRekey: string
    ptkRekeyIntv: 0
    qosProfile: string
    quarantine: string
    radio2gThreshold: string
    radio5gThreshold: string
    radioSensitivity: string
    radiusMacAuth: string
    radiusMacAuthBlockInterval: 0
    radiusMacAuthServer: string
    radiusMacAuthUsergroups:
        - name: string
    radiusMacMpskAuth: string
    radiusMacMpskTimeout: 0
    radiusServer: string
    rates11a: string
    rates11acMcsMap: string
    rates11acSs12: string
    rates11acSs34: string
    rates11axMcsMap: string
    rates11axSs12: string
    rates11axSs34: string
    rates11beMcsMap: string
    rates11beMcsMap160: string
    rates11beMcsMap320: string
    rates11bg: string
    rates11nSs12: string
    rates11nSs34: string
    roamingAcctInterimUpdate: string
    saeGroups: string
    saeH2eOnly: string
    saeHnpOnly: string
    saePassword: string
    saePk: string
    saePrivateKey: string
    scanBotnetConnections: string
    schedule: string
    secondaryWagProfile: string
    security: string
    securityExemptList: string
    securityObsoleteOption: string
    securityRedirectUrl: string
    selectedUsergroups:
        - name: string
    splitTunneling: string
    ssid: string
    stickyClientRemove: string
    stickyClientThreshold2g: string
    stickyClientThreshold5g: string
    stickyClientThreshold6g: string
    targetWakeTime: string
    tkipCounterMeasure: string
    tunnelEchoInterval: 0
    tunnelFallbackInterval: 0
    usergroups:
        - name: string
    utmLog: string
    utmProfile: string
    utmStatus: string
    vdomparam: string
    vlanAuto: string
    vlanNames:
        - name: string
          vlanId: 0
    vlanPooling: string
    vlanPools:
        - id: 0
          wtpGroup: string
    vlanid: 0
    voiceEnterprise: string
    webfilterProfile: string
Vap Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Vap resource accepts the following input properties:
- AccessControl stringList 
- access-control-list profile name.
- AcctInterim intInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- AdditionalAkms string
- Additional AKMs.
- AddressGroup string
- Address group ID.
- AddressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- Akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- Alias string
- Alias.
- AntivirusProfile string
- AntiVirus profile name.
- ApplicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- ApplicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- ApplicationList string
- Application control list name.
- ApplicationReport intIntv 
- Application report interval (30 - 864000 sec, default = 120).
- AtfWeight int
- Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol.
- AuthCert string
- HTTPS server certificate.
- AuthPortal stringAddr 
- Address of captive portal.
- BeaconAdvertising string
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- BeaconProtection string
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- BroadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- BroadcastSuppression string
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- BssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- BstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- BstmLoad intBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- BstmRssi intDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- CaptivePortal string
- Enable/disable captive portal. Valid values: enable,disable.
- CaptivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- CaptivePortal intAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- CaptivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- CaptivePortal stringMacauth Radius Secret 
- Secret key to access the macauth RADIUS server.
- CaptivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- CaptivePortal stringRadius Secret 
- Secret key to access the RADIUS server.
- CaptivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- CaptivePortal intSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- DhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- DhcpLease intTime 
- DHCP lease time in seconds for NAT IP address.
- DhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- DhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- DhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- DhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- DynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- EapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- EapReauth intIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- EapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- ExternalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- ExternalLogout string
- URL of external authentication logout server.
- ExternalWeb string
- URL of external authentication web server.
- ExternalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- FastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- FastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- FtMobility intDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- FtOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- FtR0Key intLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- GasComeback intDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- GasFragmentation intLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- GtkRekey intIntv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- HighEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- Hotspot20Profile string
- Hotspot 2.0 profile name.
- IgmpSnooping string
- Enable/disable IGMP snooping. Valid values: enable,disable.
- IntraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- IpsSensor string
- IPS sensor name.
- Ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- Key string
- WEP Key.
- Keyindex int
- WEP key index (1 - 4).
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- L3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- LocalAuthentication string
- Enable/disable AP local authentication. Valid values: enable,disable.
- LocalBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- LocalLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- LocalStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- LocalStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- LocalStandalone stringDns Ip 
- IPv4 addresses for the local standalone DNS.
- LocalStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- MacAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- MacCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- MacFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- MacFilter List<Pulumiverse.Lists Fortios. Wirelesscontroller. Inputs. Vap Mac Filter List> 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- MacFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MaxClients int
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- MaxClients intAp 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- MboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- MeDisable intThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- MeshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- Mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- MpskConcurrent intClients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- MpskKeys List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Mpsk Key> 
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- MpskProfile string
- MPSK profile name.
- MuMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- MulticastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- MulticastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- Nac string
- Enable/disable network access control. Valid values: enable,disable.
- NacProfile string
- NAC profile name.
- Name string
- Virtual AP name.
- NasFilter stringRule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- NeighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- OweGroups string
- OWE-Groups. Valid values: 19,20,21.
- OweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- OweTransition stringSsid 
- OWE transition mode peer SSID.
- Passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- PmfAssoc intComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- PmfSa intQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- PortMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- PortMacauth intReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- PortMacauth intTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- PortalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- PortalMessage Pulumiverse.Overrides Fortios. Wirelesscontroller. Inputs. Vap Portal Message Overrides 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- PortalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- PrimaryWag stringProfile 
- Primary wireless access gateway profile name.
- ProbeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- ProbeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- PtkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- PtkRekey intIntv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- QosProfile string
- Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- Radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- RadioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- RadiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- RadiusMac intAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- RadiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- RadiusMac List<Pulumiverse.Auth Usergroups Fortios. Wirelesscontroller. Inputs. Vap Radius Mac Auth Usergroup> 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- RadiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- RadiusMac intMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- RadiusServer string
- RADIUS server to be used to authenticate WiFi users.
- Rates11a string
- Allowed data rates for 802.11a.
- Rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11acSs12 string
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11acSs34 string
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11axSs12 string
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11axSs34 string
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11beMcs stringMap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- Rates11beMcs stringMap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- Rates11beMcs stringMap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- Rates11bg string
- Allowed data rates for 802.11b/g.
- Rates11nSs12 string
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- Rates11nSs34 string
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- RoamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- SaeGroups string
- SAE-Groups. Valid values: 19,20,21.
- SaeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- SaeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- SaePassword string
- WPA3 SAE password to be used to authenticate WiFi users.
- SaePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- SaePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- ScanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- Schedule string
- VAP schedule name.
- SecondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- SecurityExempt stringList 
- Optional security exempt list for captive portal authentication.
- SecurityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- SecurityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- SelectedUsergroups List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Selected Usergroup> 
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- SplitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- StickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- StickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- StickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- StickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- TargetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- TkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- TunnelEcho intInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- TunnelFallback intInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroups
List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Usergroup> 
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- UtmLog string
- Enable/disable UTM logging. Valid values: enable,disable.
- UtmProfile string
- UTM profile name.
- UtmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- VlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- VlanNames List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Vlan Name> 
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- VlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- VlanPools List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Vlan Pool> 
- VLAN pool. The structure of vlan_poolblock is documented below.
- Vlanid int
- Optional VLAN ID.
- VoiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- WebfilterProfile string
- WebFilter profile name.
- AccessControl stringList 
- access-control-list profile name.
- AcctInterim intInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- AdditionalAkms string
- Additional AKMs.
- AddressGroup string
- Address group ID.
- AddressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- Akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- Alias string
- Alias.
- AntivirusProfile string
- AntiVirus profile name.
- ApplicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- ApplicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- ApplicationList string
- Application control list name.
- ApplicationReport intIntv 
- Application report interval (30 - 864000 sec, default = 120).
- AtfWeight int
- Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol.
- AuthCert string
- HTTPS server certificate.
- AuthPortal stringAddr 
- Address of captive portal.
- BeaconAdvertising string
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- BeaconProtection string
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- BroadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- BroadcastSuppression string
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- BssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- BstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- BstmLoad intBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- BstmRssi intDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- CaptivePortal string
- Enable/disable captive portal. Valid values: enable,disable.
- CaptivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- CaptivePortal intAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- CaptivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- CaptivePortal stringMacauth Radius Secret 
- Secret key to access the macauth RADIUS server.
- CaptivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- CaptivePortal stringRadius Secret 
- Secret key to access the RADIUS server.
- CaptivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- CaptivePortal intSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- DhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- DhcpLease intTime 
- DHCP lease time in seconds for NAT IP address.
- DhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- DhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- DhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- DhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- DynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- EapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- EapReauth intIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- EapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- ExternalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- ExternalLogout string
- URL of external authentication logout server.
- ExternalWeb string
- URL of external authentication web server.
- ExternalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- FastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- FastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- FtMobility intDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- FtOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- FtR0Key intLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- GasComeback intDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- GasFragmentation intLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- GtkRekey intIntv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- HighEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- Hotspot20Profile string
- Hotspot 2.0 profile name.
- IgmpSnooping string
- Enable/disable IGMP snooping. Valid values: enable,disable.
- IntraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- IpsSensor string
- IPS sensor name.
- Ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- Key string
- WEP Key.
- Keyindex int
- WEP key index (1 - 4).
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- L3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- LocalAuthentication string
- Enable/disable AP local authentication. Valid values: enable,disable.
- LocalBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- LocalLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- LocalStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- LocalStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- LocalStandalone stringDns Ip 
- IPv4 addresses for the local standalone DNS.
- LocalStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- MacAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- MacCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- MacFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- MacFilter []VapLists Mac Filter List Args 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- MacFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MaxClients int
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- MaxClients intAp 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- MboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- MeDisable intThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- MeshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- Mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- MpskConcurrent intClients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- MpskKeys []VapMpsk Key Args 
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- MpskProfile string
- MPSK profile name.
- MuMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- MulticastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- MulticastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- Nac string
- Enable/disable network access control. Valid values: enable,disable.
- NacProfile string
- NAC profile name.
- Name string
- Virtual AP name.
- NasFilter stringRule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- NeighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- OweGroups string
- OWE-Groups. Valid values: 19,20,21.
- OweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- OweTransition stringSsid 
- OWE transition mode peer SSID.
- Passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- PmfAssoc intComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- PmfSa intQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- PortMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- PortMacauth intReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- PortMacauth intTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- PortalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- PortalMessage VapOverrides Portal Message Overrides Args 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- PortalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- PrimaryWag stringProfile 
- Primary wireless access gateway profile name.
- ProbeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- ProbeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- PtkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- PtkRekey intIntv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- QosProfile string
- Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- Radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- RadioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- RadiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- RadiusMac intAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- RadiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- RadiusMac []VapAuth Usergroups Radius Mac Auth Usergroup Args 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- RadiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- RadiusMac intMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- RadiusServer string
- RADIUS server to be used to authenticate WiFi users.
- Rates11a string
- Allowed data rates for 802.11a.
- Rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11acSs12 string
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11acSs34 string
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11axSs12 string
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11axSs34 string
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11beMcs stringMap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- Rates11beMcs stringMap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- Rates11beMcs stringMap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- Rates11bg string
- Allowed data rates for 802.11b/g.
- Rates11nSs12 string
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- Rates11nSs34 string
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- RoamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- SaeGroups string
- SAE-Groups. Valid values: 19,20,21.
- SaeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- SaeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- SaePassword string
- WPA3 SAE password to be used to authenticate WiFi users.
- SaePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- SaePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- ScanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- Schedule string
- VAP schedule name.
- SecondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- SecurityExempt stringList 
- Optional security exempt list for captive portal authentication.
- SecurityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- SecurityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- SelectedUsergroups []VapSelected Usergroup Args 
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- SplitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- StickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- StickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- StickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- StickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- TargetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- TkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- TunnelEcho intInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- TunnelFallback intInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroups
[]VapUsergroup Args 
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- UtmLog string
- Enable/disable UTM logging. Valid values: enable,disable.
- UtmProfile string
- UTM profile name.
- UtmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- VlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- VlanNames []VapVlan Name Args 
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- VlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- VlanPools []VapVlan Pool Args 
- VLAN pool. The structure of vlan_poolblock is documented below.
- Vlanid int
- Optional VLAN ID.
- VoiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- WebfilterProfile string
- WebFilter profile name.
- accessControl StringList 
- access-control-list profile name.
- acctInterim IntegerInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms String
- Additional AKMs.
- addressGroup String
- Address group ID.
- addressGroup StringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- akm24Only String
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- alias String
- Alias.
- antivirusProfile String
- AntiVirus profile name.
- applicationDetection StringEngine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- applicationDscp StringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- applicationList String
- Application control list name.
- applicationReport IntegerIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight Integer
- Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol.
- authCert String
- HTTPS server certificate.
- authPortal StringAddr 
- Address of captive portal.
- beaconAdvertising String
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- beaconProtection String
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- broadcastSsid String
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- broadcastSuppression String
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bssColor StringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- bstmDisassociation StringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- bstmLoad IntegerBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi IntegerDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal String
- Enable/disable captive portal. Valid values: enable,disable.
- captivePortal StringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal IntegerAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal StringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- captivePortal StringMacauth Radius Secret 
- Secret key to access the macauth RADIUS server.
- captivePortal StringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal StringRadius Secret 
- Secret key to access the RADIUS server.
- captivePortal StringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal IntegerSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress StringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- dhcpLease IntegerTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion String
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- dhcpOption82Circuit StringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcpOption82Insertion String
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- dhcpOption82Remote StringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamicVlan String
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- eapReauth String
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- eapReauth IntegerIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey StringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast StringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- externalLogout String
- URL of external authentication logout server.
- externalWeb String
- URL of external authentication web server.
- externalWeb StringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss StringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming String
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- ftMobility IntegerDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver StringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key IntegerLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback IntegerDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation IntegerLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtkRekey String
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- gtkRekey IntegerIntv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- highEfficiency String
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- hotspot20Profile String
- Hotspot 2.0 profile name.
- igmpSnooping String
- Enable/disable IGMP snooping. Valid values: enable,disable.
- intraVap StringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor String
- IPS sensor name.
- ipv6Rules String
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- key String
- WEP Key.
- keyindex Integer
- WEP key index (1 - 4).
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- l3RoamingMode String
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- localAuthentication String
- Enable/disable AP local authentication. Valid values: enable,disable.
- localBridging String
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- localLan String
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- localStandalone String
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- localStandalone StringDns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- localStandalone StringDns Ip 
- IPv4 addresses for the local standalone DNS.
- localStandalone StringNat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- macAuth StringBypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- macCalled StringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling StringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase String
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter String
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- macFilter List<VapLists Mac Filter List> 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- macFilter StringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients Integer
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients IntegerAp 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell StringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable IntegerThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul String
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- mpsk String
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- mpskConcurrent IntegerClients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpskKeys List<VapMpsk Key> 
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- mpskProfile String
- MPSK profile name.
- muMimo String
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- multicastEnhance String
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- multicastRate String
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac String
- Enable/disable network access control. Valid values: enable,disable.
- nacProfile String
- NAC profile name.
- name String
- Virtual AP name.
- nasFilter StringRule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- neighborReport StringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- oweGroups String
- OWE-Groups. Valid values: 19,20,21.
- oweTransition String
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition StringSsid 
- OWE transition mode peer SSID.
- passphrase String
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc IntegerComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa IntegerQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth String
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth IntegerReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth IntegerTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage StringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage VapOverrides Portal Message Overrides 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- portalType String
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primaryWag StringProfile 
- Primary wireless access gateway profile name.
- probeResp StringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- probeResp StringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey String
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- ptkRekey IntegerIntv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qosProfile String
- Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- radio2gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity String
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- radiusMac StringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- radiusMac IntegerAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac StringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac List<VapAuth Usergroups Radius Mac Auth Usergroup> 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- radiusMac StringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- radiusMac IntegerMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer String
- RADIUS server to be used to authenticate WiFi users.
- rates11a String
- Allowed data rates for 802.11a.
- rates11acMcs StringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12 String
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11acSs34 String
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11axMcs StringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12 String
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34 String
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11beMcs StringMap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11beMcs StringMap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11beMcs StringMap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg String
- Allowed data rates for 802.11b/g.
- rates11nSs12 String
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34 String
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct StringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- saeGroups String
- SAE-Groups. Valid values: 19,20,21.
- saeH2e StringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saeHnp StringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saePassword String
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk String
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- saePrivate StringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet StringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- schedule String
- VAP schedule name.
- secondaryWag StringProfile 
- Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal).
- securityExempt StringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete StringOption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- securityRedirect StringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups List<VapSelected Usergroup> 
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- splitTunneling String
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient StringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- stickyClient StringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient StringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient StringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake StringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- tkipCounter StringMeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- tunnelEcho IntegerInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback IntegerInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
List<VapUsergroup> 
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- utmLog String
- Enable/disable UTM logging. Valid values: enable,disable.
- utmProfile String
- UTM profile name.
- utmStatus String
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanAuto String
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- vlanNames List<VapVlan Name> 
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- vlanPooling String
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools List<VapVlan Pool> 
- VLAN pool. The structure of vlan_poolblock is documented below.
- vlanid Integer
- Optional VLAN ID.
- voiceEnterprise String
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile String
- WebFilter profile name.
- accessControl stringList 
- access-control-list profile name.
- acctInterim numberInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms string
- Additional AKMs.
- addressGroup string
- Address group ID.
- addressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- alias string
- Alias.
- antivirusProfile string
- AntiVirus profile name.
- applicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- applicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- applicationList string
- Application control list name.
- applicationReport numberIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight number
- Airtime weight in percentage (default = 20).
- auth string
- Authentication protocol.
- authCert string
- HTTPS server certificate.
- authPortal stringAddr 
- Address of captive portal.
- beaconAdvertising string
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- beaconProtection string
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- broadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- broadcastSuppression string
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- bstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- bstmLoad numberBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi numberDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal string
- Enable/disable captive portal. Valid values: enable,disable.
- captivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal numberAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- captivePortal stringMacauth Radius Secret 
- Secret key to access the macauth RADIUS server.
- captivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal stringRadius Secret 
- Secret key to access the RADIUS server.
- captivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal numberSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- dhcpLease numberTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- dhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- dhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- dynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- eapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- eapReauth numberIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- externalLogout string
- URL of external authentication logout server.
- externalWeb string
- URL of external authentication web server.
- externalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- ftMobility numberDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key numberLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback numberDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation numberLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- getAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- gtkRekey numberIntv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- highEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- hotspot20Profile string
- Hotspot 2.0 profile name.
- igmpSnooping string
- Enable/disable IGMP snooping. Valid values: enable,disable.
- intraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- ip string
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor string
- IPS sensor name.
- ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- key string
- WEP Key.
- keyindex number
- WEP key index (1 - 4).
- l3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- l3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- localAuthentication string
- Enable/disable AP local authentication. Valid values: enable,disable.
- localBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- localLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- localStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- localStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- localStandalone stringDns Ip 
- IPv4 addresses for the local standalone DNS.
- localStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- macAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- macCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- macFilter VapLists Mac Filter List[] 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- macFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- macPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients number
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients numberAp 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable numberThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- mpskConcurrent numberClients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpskKeys VapMpsk Key[] 
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- mpskProfile string
- MPSK profile name.
- muMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- multicastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- multicastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac string
- Enable/disable network access control. Valid values: enable,disable.
- nacProfile string
- NAC profile name.
- name string
- Virtual AP name.
- nasFilter stringRule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- neighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- oweGroups string
- OWE-Groups. Valid values: 19,20,21.
- oweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition stringSsid 
- OWE transition mode peer SSID.
- passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc numberComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa numberQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth numberReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth numberTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage VapOverrides Portal Message Overrides 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- portalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primaryWag stringProfile 
- Primary wireless access gateway profile name.
- probeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- probeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- ptkRekey numberIntv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qosProfile string
- Quality of service profile name.
- quarantine string
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- radiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- radiusMac numberAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac VapAuth Usergroups Radius Mac Auth Usergroup[] 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- radiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- radiusMac numberMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer string
- RADIUS server to be used to authenticate WiFi users.
- rates11a string
- Allowed data rates for 802.11a.
- rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12 string
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11acSs34 string
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12 string
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34 string
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11beMcs stringMap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11beMcs stringMap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11beMcs stringMap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg string
- Allowed data rates for 802.11b/g.
- rates11nSs12 string
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34 string
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- saeGroups string
- SAE-Groups. Valid values: 19,20,21.
- saeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saePassword string
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- saePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- schedule string
- VAP schedule name.
- secondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- securityExempt stringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- securityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups VapSelected Usergroup[] 
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- splitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- stickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- tkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- tunnelEcho numberInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback numberInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
VapUsergroup[] 
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- utmLog string
- Enable/disable UTM logging. Valid values: enable,disable.
- utmProfile string
- UTM profile name.
- utmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- vlanNames VapVlan Name[] 
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- vlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools VapVlan Pool[] 
- VLAN pool. The structure of vlan_poolblock is documented below.
- vlanid number
- Optional VLAN ID.
- voiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile string
- WebFilter profile name.
- access_control_ strlist 
- access-control-list profile name.
- acct_interim_ intinterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional_akms str
- Additional AKMs.
- address_group str
- Address group ID.
- address_group_ strpolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- akm24_only str
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- alias str
- Alias.
- antivirus_profile str
- AntiVirus profile name.
- application_detection_ strengine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- application_dscp_ strmarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- application_list str
- Application control list name.
- application_report_ intintv 
- Application report interval (30 - 864000 sec, default = 120).
- atf_weight int
- Airtime weight in percentage (default = 20).
- auth str
- Authentication protocol.
- auth_cert str
- HTTPS server certificate.
- auth_portal_ straddr 
- Address of captive portal.
- beacon_advertising str
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- beacon_protection str
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- broadcast_ssid str
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- broadcast_suppression str
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bss_color_ strpartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- bstm_disassociation_ strimminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- bstm_load_ intbalancing_ disassoc_ timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm_rssi_ intdisassoc_ timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive_portal str
- Enable/disable captive portal. Valid values: enable,disable.
- captive_portal_ strac_ name 
- Local-bridging captive portal ac-name.
- captive_portal_ intauth_ timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive_portal_ strfw_ accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- captive_portal_ strmacauth_ radius_ secret 
- Secret key to access the macauth RADIUS server.
- captive_portal_ strmacauth_ radius_ server 
- Captive portal external RADIUS server domain name or IP address.
- captive_portal_ strradius_ secret 
- Secret key to access the RADIUS server.
- captive_portal_ strradius_ server 
- Captive portal RADIUS server domain name or IP address.
- captive_portal_ intsession_ timeout_ interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcp_address_ strenforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- dhcp_lease_ inttime 
- DHCP lease time in seconds for NAT IP address.
- dhcp_option43_ strinsertion 
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- dhcp_option82_ strcircuit_ id_ insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcp_option82_ strinsertion 
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- dhcp_option82_ strremote_ id_ insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- dynamic_sort_ strsubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamic_vlan str
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- eap_reauth str
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- eap_reauth_ intintv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol_key_ strretries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt str
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- external_fast_ strroaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- external_logout str
- URL of external authentication logout server.
- external_web str
- URL of external authentication web server.
- external_web_ strformat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fast_bss_ strtransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fast_roaming str
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- ft_mobility_ intdomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft_over_ strds 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ft_r0_ intkey_ lifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas_comeback_ intdelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas_fragmentation_ intlimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- get_all_ strtables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtk_rekey str
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- gtk_rekey_ intintv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- high_efficiency str
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- hotspot20_profile str
- Hotspot 2.0 profile name.
- igmp_snooping str
- Enable/disable IGMP snooping. Valid values: enable,disable.
- intra_vap_ strprivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- ip str
- IP address and subnet mask for the local standalone NAT subnet.
- ips_sensor str
- IPS sensor name.
- ipv6_rules str
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- key str
- WEP Key.
- keyindex int
- WEP key index (1 - 4).
- l3_roaming str
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- l3_roaming_ strmode 
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc str
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- local_authentication str
- Enable/disable AP local authentication. Valid values: enable,disable.
- local_bridging str
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- local_lan str
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- local_standalone str
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- local_standalone_ strdns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- local_standalone_ strdns_ ip 
- IPv4 addresses for the local standalone DNS.
- local_standalone_ strnat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- mac_auth_ strbypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- mac_called_ strstation_ delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_calling_ strstation_ delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_case str
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- mac_filter str
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- mac_filter_ Sequence[Vaplists Mac Filter List Args] 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- mac_filter_ strpolicy_ other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- mac_password_ strdelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_username_ strdelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- max_clients int
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max_clients_ intap 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo str
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mbo_cell_ strdata_ conn_ pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- me_disable_ intthresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh_backhaul str
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- mpsk str
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- mpsk_concurrent_ intclients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpsk_keys Sequence[VapMpsk Key Args] 
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- mpsk_profile str
- MPSK profile name.
- mu_mimo str
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- multicast_enhance str
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- multicast_rate str
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k str
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v str
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac str
- Enable/disable network access control. Valid values: enable,disable.
- nac_profile str
- NAC profile name.
- name str
- Virtual AP name.
- nas_filter_ strrule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- neighbor_report_ strdual_ band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- okc str
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen str
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- owe_groups str
- OWE-Groups. Valid values: 19,20,21.
- owe_transition str
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- owe_transition_ strssid 
- OWE transition mode peer SSID.
- passphrase str
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf str
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmf_assoc_ intcomeback_ timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf_sa_ intquery_ retry_ timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port_macauth str
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- port_macauth_ intreauth_ timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port_macauth_ inttimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portal_message_ stroverride_ group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal_message_ Vapoverrides Portal Message Overrides Args 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- portal_type str
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primary_wag_ strprofile 
- Primary wireless access gateway profile name.
- probe_resp_ strsuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- probe_resp_ strthreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk_rekey str
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- ptk_rekey_ intintv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qos_profile str
- Quality of service profile name.
- quarantine str
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- radio2g_threshold str
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g_threshold str
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio_sensitivity str
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- radius_mac_ strauth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- radius_mac_ intauth_ block_ interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius_mac_ strauth_ server 
- RADIUS-based MAC authentication server.
- radius_mac_ Sequence[Vapauth_ usergroups Radius Mac Auth Usergroup Args] 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- radius_mac_ strmpsk_ auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- radius_mac_ intmpsk_ timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius_server str
- RADIUS server to be used to authenticate WiFi users.
- rates11a str
- Allowed data rates for 802.11a.
- rates11ac_mcs_ strmap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac_ss12 str
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11ac_ss34 str
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11ax_mcs_ strmap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax_ss12 str
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11ax_ss34 str
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11be_mcs_ strmap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11be_mcs_ strmap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11be_mcs_ strmap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg str
- Allowed data rates for 802.11b/g.
- rates11n_ss12 str
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11n_ss34 str
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roaming_acct_ strinterim_ update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- sae_groups str
- SAE-Groups. Valid values: 19,20,21.
- sae_h2e_ stronly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- sae_hnp_ stronly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- sae_password str
- WPA3 SAE password to be used to authenticate WiFi users.
- sae_pk str
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- sae_private_ strkey 
- Private key used for WPA3 SAE-PK authentication.
- scan_botnet_ strconnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- schedule str
- VAP schedule name.
- secondary_wag_ strprofile 
- Secondary wireless access gateway profile name.
- security str
- Security mode for the wireless interface (default = wpa2-only-personal).
- security_exempt_ strlist 
- Optional security exempt list for captive portal authentication.
- security_obsolete_ stroption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- security_redirect_ strurl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selected_usergroups Sequence[VapSelected Usergroup Args] 
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- split_tunneling str
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- ssid str
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky_client_ strremove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- sticky_client_ strthreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky_client_ strthreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky_client_ strthreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target_wake_ strtime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- tkip_counter_ strmeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- tunnel_echo_ intinterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel_fallback_ intinterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
Sequence[VapUsergroup Args] 
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- utm_log str
- Enable/disable UTM logging. Valid values: enable,disable.
- utm_profile str
- UTM profile name.
- utm_status str
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan_auto str
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- vlan_names Sequence[VapVlan Name Args] 
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- vlan_pooling str
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlan_pools Sequence[VapVlan Pool Args] 
- VLAN pool. The structure of vlan_poolblock is documented below.
- vlanid int
- Optional VLAN ID.
- voice_enterprise str
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilter_profile str
- WebFilter profile name.
- accessControl StringList 
- access-control-list profile name.
- acctInterim NumberInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms String
- Additional AKMs.
- addressGroup String
- Address group ID.
- addressGroup StringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- akm24Only String
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- alias String
- Alias.
- antivirusProfile String
- AntiVirus profile name.
- applicationDetection StringEngine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- applicationDscp StringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- applicationList String
- Application control list name.
- applicationReport NumberIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight Number
- Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol.
- authCert String
- HTTPS server certificate.
- authPortal StringAddr 
- Address of captive portal.
- beaconAdvertising String
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- beaconProtection String
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- broadcastSsid String
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- broadcastSuppression String
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bssColor StringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- bstmDisassociation StringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- bstmLoad NumberBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi NumberDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal String
- Enable/disable captive portal. Valid values: enable,disable.
- captivePortal StringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal NumberAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal StringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- captivePortal StringMacauth Radius Secret 
- Secret key to access the macauth RADIUS server.
- captivePortal StringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal StringRadius Secret 
- Secret key to access the RADIUS server.
- captivePortal StringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal NumberSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress StringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- dhcpLease NumberTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion String
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- dhcpOption82Circuit StringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcpOption82Insertion String
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- dhcpOption82Remote StringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamicVlan String
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- eapReauth String
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- eapReauth NumberIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey StringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast StringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- externalLogout String
- URL of external authentication logout server.
- externalWeb String
- URL of external authentication web server.
- externalWeb StringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss StringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming String
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- ftMobility NumberDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver StringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key NumberLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback NumberDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation NumberLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtkRekey String
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- gtkRekey NumberIntv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- highEfficiency String
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- hotspot20Profile String
- Hotspot 2.0 profile name.
- igmpSnooping String
- Enable/disable IGMP snooping. Valid values: enable,disable.
- intraVap StringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor String
- IPS sensor name.
- ipv6Rules String
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- key String
- WEP Key.
- keyindex Number
- WEP key index (1 - 4).
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- l3RoamingMode String
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- localAuthentication String
- Enable/disable AP local authentication. Valid values: enable,disable.
- localBridging String
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- localLan String
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- localStandalone String
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- localStandalone StringDns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- localStandalone StringDns Ip 
- IPv4 addresses for the local standalone DNS.
- localStandalone StringNat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- macAuth StringBypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- macCalled StringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling StringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase String
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter String
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- macFilter List<Property Map>Lists 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- macFilter StringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients Number
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients NumberAp 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell StringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable NumberThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul String
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- mpsk String
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- mpskConcurrent NumberClients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpskKeys List<Property Map>
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- mpskProfile String
- MPSK profile name.
- muMimo String
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- multicastEnhance String
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- multicastRate String
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac String
- Enable/disable network access control. Valid values: enable,disable.
- nacProfile String
- NAC profile name.
- name String
- Virtual AP name.
- nasFilter StringRule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- neighborReport StringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- oweGroups String
- OWE-Groups. Valid values: 19,20,21.
- oweTransition String
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition StringSsid 
- OWE transition mode peer SSID.
- passphrase String
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc NumberComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa NumberQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth String
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth NumberReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth NumberTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage StringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage Property MapOverrides 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- portalType String
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primaryWag StringProfile 
- Primary wireless access gateway profile name.
- probeResp StringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- probeResp StringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey String
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- ptkRekey NumberIntv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qosProfile String
- Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- radio2gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity String
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- radiusMac StringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- radiusMac NumberAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac StringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac List<Property Map>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- radiusMac StringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- radiusMac NumberMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer String
- RADIUS server to be used to authenticate WiFi users.
- rates11a String
- Allowed data rates for 802.11a.
- rates11acMcs StringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12 String
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11acSs34 String
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11axMcs StringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12 String
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34 String
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11beMcs StringMap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11beMcs StringMap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11beMcs StringMap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg String
- Allowed data rates for 802.11b/g.
- rates11nSs12 String
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34 String
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct StringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- saeGroups String
- SAE-Groups. Valid values: 19,20,21.
- saeH2e StringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saeHnp StringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saePassword String
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk String
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- saePrivate StringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet StringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- schedule String
- VAP schedule name.
- secondaryWag StringProfile 
- Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal).
- securityExempt StringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete StringOption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- securityRedirect StringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups List<Property Map>
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- splitTunneling String
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient StringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- stickyClient StringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient StringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient StringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake StringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- tkipCounter StringMeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- tunnelEcho NumberInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback NumberInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups List<Property Map>
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- utmLog String
- Enable/disable UTM logging. Valid values: enable,disable.
- utmProfile String
- UTM profile name.
- utmStatus String
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanAuto String
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- vlanNames List<Property Map>
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- vlanPooling String
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools List<Property Map>
- VLAN pool. The structure of vlan_poolblock is documented below.
- vlanid Number
- Optional VLAN ID.
- voiceEnterprise String
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile String
- WebFilter profile name.
Outputs
All input properties are implicitly available as output properties. Additionally, the Vap resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Vap Resource
Get an existing Vap resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VapState, opts?: CustomResourceOptions): Vap@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_control_list: Optional[str] = None,
        acct_interim_interval: Optional[int] = None,
        additional_akms: Optional[str] = None,
        address_group: Optional[str] = None,
        address_group_policy: Optional[str] = None,
        akm24_only: Optional[str] = None,
        alias: Optional[str] = None,
        antivirus_profile: Optional[str] = None,
        application_detection_engine: Optional[str] = None,
        application_dscp_marking: Optional[str] = None,
        application_list: Optional[str] = None,
        application_report_intv: Optional[int] = None,
        atf_weight: Optional[int] = None,
        auth: Optional[str] = None,
        auth_cert: Optional[str] = None,
        auth_portal_addr: Optional[str] = None,
        beacon_advertising: Optional[str] = None,
        beacon_protection: Optional[str] = None,
        broadcast_ssid: Optional[str] = None,
        broadcast_suppression: Optional[str] = None,
        bss_color_partial: Optional[str] = None,
        bstm_disassociation_imminent: Optional[str] = None,
        bstm_load_balancing_disassoc_timer: Optional[int] = None,
        bstm_rssi_disassoc_timer: Optional[int] = None,
        captive_portal: Optional[str] = None,
        captive_portal_ac_name: Optional[str] = None,
        captive_portal_auth_timeout: Optional[int] = None,
        captive_portal_fw_accounting: Optional[str] = None,
        captive_portal_macauth_radius_secret: Optional[str] = None,
        captive_portal_macauth_radius_server: Optional[str] = None,
        captive_portal_radius_secret: Optional[str] = None,
        captive_portal_radius_server: Optional[str] = None,
        captive_portal_session_timeout_interval: Optional[int] = None,
        dhcp_address_enforcement: Optional[str] = None,
        dhcp_lease_time: Optional[int] = None,
        dhcp_option43_insertion: Optional[str] = None,
        dhcp_option82_circuit_id_insertion: Optional[str] = None,
        dhcp_option82_insertion: Optional[str] = None,
        dhcp_option82_remote_id_insertion: Optional[str] = None,
        dynamic_sort_subtable: Optional[str] = None,
        dynamic_vlan: Optional[str] = None,
        eap_reauth: Optional[str] = None,
        eap_reauth_intv: Optional[int] = None,
        eapol_key_retries: Optional[str] = None,
        encrypt: Optional[str] = None,
        external_fast_roaming: Optional[str] = None,
        external_logout: Optional[str] = None,
        external_web: Optional[str] = None,
        external_web_format: Optional[str] = None,
        fast_bss_transition: Optional[str] = None,
        fast_roaming: Optional[str] = None,
        ft_mobility_domain: Optional[int] = None,
        ft_over_ds: Optional[str] = None,
        ft_r0_key_lifetime: Optional[int] = None,
        gas_comeback_delay: Optional[int] = None,
        gas_fragmentation_limit: Optional[int] = None,
        get_all_tables: Optional[str] = None,
        gtk_rekey: Optional[str] = None,
        gtk_rekey_intv: Optional[int] = None,
        high_efficiency: Optional[str] = None,
        hotspot20_profile: Optional[str] = None,
        igmp_snooping: Optional[str] = None,
        intra_vap_privacy: Optional[str] = None,
        ip: Optional[str] = None,
        ips_sensor: Optional[str] = None,
        ipv6_rules: Optional[str] = None,
        key: Optional[str] = None,
        keyindex: Optional[int] = None,
        l3_roaming: Optional[str] = None,
        l3_roaming_mode: Optional[str] = None,
        ldpc: Optional[str] = None,
        local_authentication: Optional[str] = None,
        local_bridging: Optional[str] = None,
        local_lan: Optional[str] = None,
        local_standalone: Optional[str] = None,
        local_standalone_dns: Optional[str] = None,
        local_standalone_dns_ip: Optional[str] = None,
        local_standalone_nat: Optional[str] = None,
        mac_auth_bypass: Optional[str] = None,
        mac_called_station_delimiter: Optional[str] = None,
        mac_calling_station_delimiter: Optional[str] = None,
        mac_case: Optional[str] = None,
        mac_filter: Optional[str] = None,
        mac_filter_lists: Optional[Sequence[VapMacFilterListArgs]] = None,
        mac_filter_policy_other: Optional[str] = None,
        mac_password_delimiter: Optional[str] = None,
        mac_username_delimiter: Optional[str] = None,
        max_clients: Optional[int] = None,
        max_clients_ap: Optional[int] = None,
        mbo: Optional[str] = None,
        mbo_cell_data_conn_pref: Optional[str] = None,
        me_disable_thresh: Optional[int] = None,
        mesh_backhaul: Optional[str] = None,
        mpsk: Optional[str] = None,
        mpsk_concurrent_clients: Optional[int] = None,
        mpsk_keys: Optional[Sequence[VapMpskKeyArgs]] = None,
        mpsk_profile: Optional[str] = None,
        mu_mimo: Optional[str] = None,
        multicast_enhance: Optional[str] = None,
        multicast_rate: Optional[str] = None,
        n80211k: Optional[str] = None,
        n80211v: Optional[str] = None,
        nac: Optional[str] = None,
        nac_profile: Optional[str] = None,
        name: Optional[str] = None,
        nas_filter_rule: Optional[str] = None,
        neighbor_report_dual_band: Optional[str] = None,
        okc: Optional[str] = None,
        osen: Optional[str] = None,
        owe_groups: Optional[str] = None,
        owe_transition: Optional[str] = None,
        owe_transition_ssid: Optional[str] = None,
        passphrase: Optional[str] = None,
        pmf: Optional[str] = None,
        pmf_assoc_comeback_timeout: Optional[int] = None,
        pmf_sa_query_retry_timeout: Optional[int] = None,
        port_macauth: Optional[str] = None,
        port_macauth_reauth_timeout: Optional[int] = None,
        port_macauth_timeout: Optional[int] = None,
        portal_message_override_group: Optional[str] = None,
        portal_message_overrides: Optional[VapPortalMessageOverridesArgs] = None,
        portal_type: Optional[str] = None,
        primary_wag_profile: Optional[str] = None,
        probe_resp_suppression: Optional[str] = None,
        probe_resp_threshold: Optional[str] = None,
        ptk_rekey: Optional[str] = None,
        ptk_rekey_intv: Optional[int] = None,
        qos_profile: Optional[str] = None,
        quarantine: Optional[str] = None,
        radio2g_threshold: Optional[str] = None,
        radio5g_threshold: Optional[str] = None,
        radio_sensitivity: Optional[str] = None,
        radius_mac_auth: Optional[str] = None,
        radius_mac_auth_block_interval: Optional[int] = None,
        radius_mac_auth_server: Optional[str] = None,
        radius_mac_auth_usergroups: Optional[Sequence[VapRadiusMacAuthUsergroupArgs]] = None,
        radius_mac_mpsk_auth: Optional[str] = None,
        radius_mac_mpsk_timeout: Optional[int] = None,
        radius_server: Optional[str] = None,
        rates11a: Optional[str] = None,
        rates11ac_mcs_map: Optional[str] = None,
        rates11ac_ss12: Optional[str] = None,
        rates11ac_ss34: Optional[str] = None,
        rates11ax_mcs_map: Optional[str] = None,
        rates11ax_ss12: Optional[str] = None,
        rates11ax_ss34: Optional[str] = None,
        rates11be_mcs_map: Optional[str] = None,
        rates11be_mcs_map160: Optional[str] = None,
        rates11be_mcs_map320: Optional[str] = None,
        rates11bg: Optional[str] = None,
        rates11n_ss12: Optional[str] = None,
        rates11n_ss34: Optional[str] = None,
        roaming_acct_interim_update: Optional[str] = None,
        sae_groups: Optional[str] = None,
        sae_h2e_only: Optional[str] = None,
        sae_hnp_only: Optional[str] = None,
        sae_password: Optional[str] = None,
        sae_pk: Optional[str] = None,
        sae_private_key: Optional[str] = None,
        scan_botnet_connections: Optional[str] = None,
        schedule: Optional[str] = None,
        secondary_wag_profile: Optional[str] = None,
        security: Optional[str] = None,
        security_exempt_list: Optional[str] = None,
        security_obsolete_option: Optional[str] = None,
        security_redirect_url: Optional[str] = None,
        selected_usergroups: Optional[Sequence[VapSelectedUsergroupArgs]] = None,
        split_tunneling: Optional[str] = None,
        ssid: Optional[str] = None,
        sticky_client_remove: Optional[str] = None,
        sticky_client_threshold2g: Optional[str] = None,
        sticky_client_threshold5g: Optional[str] = None,
        sticky_client_threshold6g: Optional[str] = None,
        target_wake_time: Optional[str] = None,
        tkip_counter_measure: Optional[str] = None,
        tunnel_echo_interval: Optional[int] = None,
        tunnel_fallback_interval: Optional[int] = None,
        usergroups: Optional[Sequence[VapUsergroupArgs]] = None,
        utm_log: Optional[str] = None,
        utm_profile: Optional[str] = None,
        utm_status: Optional[str] = None,
        vdomparam: Optional[str] = None,
        vlan_auto: Optional[str] = None,
        vlan_names: Optional[Sequence[VapVlanNameArgs]] = None,
        vlan_pooling: Optional[str] = None,
        vlan_pools: Optional[Sequence[VapVlanPoolArgs]] = None,
        vlanid: Optional[int] = None,
        voice_enterprise: Optional[str] = None,
        webfilter_profile: Optional[str] = None) -> Vapfunc GetVap(ctx *Context, name string, id IDInput, state *VapState, opts ...ResourceOption) (*Vap, error)public static Vap Get(string name, Input<string> id, VapState? state, CustomResourceOptions? opts = null)public static Vap get(String name, Output<String> id, VapState state, CustomResourceOptions options)resources:  _:    type: fortios:wirelesscontroller:Vap    get:      id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AccessControl stringList 
- access-control-list profile name.
- AcctInterim intInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- AdditionalAkms string
- Additional AKMs.
- AddressGroup string
- Address group ID.
- AddressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- Akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- Alias string
- Alias.
- AntivirusProfile string
- AntiVirus profile name.
- ApplicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- ApplicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- ApplicationList string
- Application control list name.
- ApplicationReport intIntv 
- Application report interval (30 - 864000 sec, default = 120).
- AtfWeight int
- Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol.
- AuthCert string
- HTTPS server certificate.
- AuthPortal stringAddr 
- Address of captive portal.
- BeaconAdvertising string
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- BeaconProtection string
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- BroadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- BroadcastSuppression string
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- BssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- BstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- BstmLoad intBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- BstmRssi intDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- CaptivePortal string
- Enable/disable captive portal. Valid values: enable,disable.
- CaptivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- CaptivePortal intAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- CaptivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- CaptivePortal stringMacauth Radius Secret 
- Secret key to access the macauth RADIUS server.
- CaptivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- CaptivePortal stringRadius Secret 
- Secret key to access the RADIUS server.
- CaptivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- CaptivePortal intSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- DhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- DhcpLease intTime 
- DHCP lease time in seconds for NAT IP address.
- DhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- DhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- DhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- DhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- DynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- EapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- EapReauth intIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- EapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- ExternalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- ExternalLogout string
- URL of external authentication logout server.
- ExternalWeb string
- URL of external authentication web server.
- ExternalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- FastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- FastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- FtMobility intDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- FtOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- FtR0Key intLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- GasComeback intDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- GasFragmentation intLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- GtkRekey intIntv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- HighEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- Hotspot20Profile string
- Hotspot 2.0 profile name.
- IgmpSnooping string
- Enable/disable IGMP snooping. Valid values: enable,disable.
- IntraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- IpsSensor string
- IPS sensor name.
- Ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- Key string
- WEP Key.
- Keyindex int
- WEP key index (1 - 4).
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- L3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- LocalAuthentication string
- Enable/disable AP local authentication. Valid values: enable,disable.
- LocalBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- LocalLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- LocalStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- LocalStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- LocalStandalone stringDns Ip 
- IPv4 addresses for the local standalone DNS.
- LocalStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- MacAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- MacCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- MacFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- MacFilter List<Pulumiverse.Lists Fortios. Wirelesscontroller. Inputs. Vap Mac Filter List> 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- MacFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MaxClients int
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- MaxClients intAp 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- MboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- MeDisable intThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- MeshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- Mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- MpskConcurrent intClients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- MpskKeys List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Mpsk Key> 
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- MpskProfile string
- MPSK profile name.
- MuMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- MulticastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- MulticastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- Nac string
- Enable/disable network access control. Valid values: enable,disable.
- NacProfile string
- NAC profile name.
- Name string
- Virtual AP name.
- NasFilter stringRule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- NeighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- OweGroups string
- OWE-Groups. Valid values: 19,20,21.
- OweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- OweTransition stringSsid 
- OWE transition mode peer SSID.
- Passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- PmfAssoc intComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- PmfSa intQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- PortMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- PortMacauth intReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- PortMacauth intTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- PortalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- PortalMessage Pulumiverse.Overrides Fortios. Wirelesscontroller. Inputs. Vap Portal Message Overrides 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- PortalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- PrimaryWag stringProfile 
- Primary wireless access gateway profile name.
- ProbeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- ProbeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- PtkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- PtkRekey intIntv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- QosProfile string
- Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- Radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- RadioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- RadiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- RadiusMac intAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- RadiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- RadiusMac List<Pulumiverse.Auth Usergroups Fortios. Wirelesscontroller. Inputs. Vap Radius Mac Auth Usergroup> 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- RadiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- RadiusMac intMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- RadiusServer string
- RADIUS server to be used to authenticate WiFi users.
- Rates11a string
- Allowed data rates for 802.11a.
- Rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11acSs12 string
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11acSs34 string
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11axSs12 string
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11axSs34 string
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11beMcs stringMap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- Rates11beMcs stringMap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- Rates11beMcs stringMap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- Rates11bg string
- Allowed data rates for 802.11b/g.
- Rates11nSs12 string
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- Rates11nSs34 string
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- RoamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- SaeGroups string
- SAE-Groups. Valid values: 19,20,21.
- SaeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- SaeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- SaePassword string
- WPA3 SAE password to be used to authenticate WiFi users.
- SaePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- SaePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- ScanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- Schedule string
- VAP schedule name.
- SecondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- SecurityExempt stringList 
- Optional security exempt list for captive portal authentication.
- SecurityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- SecurityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- SelectedUsergroups List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Selected Usergroup> 
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- SplitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- StickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- StickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- StickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- StickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- TargetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- TkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- TunnelEcho intInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- TunnelFallback intInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroups
List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Usergroup> 
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- UtmLog string
- Enable/disable UTM logging. Valid values: enable,disable.
- UtmProfile string
- UTM profile name.
- UtmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- VlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- VlanNames List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Vlan Name> 
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- VlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- VlanPools List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Vlan Pool> 
- VLAN pool. The structure of vlan_poolblock is documented below.
- Vlanid int
- Optional VLAN ID.
- VoiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- WebfilterProfile string
- WebFilter profile name.
- AccessControl stringList 
- access-control-list profile name.
- AcctInterim intInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- AdditionalAkms string
- Additional AKMs.
- AddressGroup string
- Address group ID.
- AddressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- Akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- Alias string
- Alias.
- AntivirusProfile string
- AntiVirus profile name.
- ApplicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- ApplicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- ApplicationList string
- Application control list name.
- ApplicationReport intIntv 
- Application report interval (30 - 864000 sec, default = 120).
- AtfWeight int
- Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol.
- AuthCert string
- HTTPS server certificate.
- AuthPortal stringAddr 
- Address of captive portal.
- BeaconAdvertising string
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- BeaconProtection string
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- BroadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- BroadcastSuppression string
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- BssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- BstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- BstmLoad intBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- BstmRssi intDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- CaptivePortal string
- Enable/disable captive portal. Valid values: enable,disable.
- CaptivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- CaptivePortal intAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- CaptivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- CaptivePortal stringMacauth Radius Secret 
- Secret key to access the macauth RADIUS server.
- CaptivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- CaptivePortal stringRadius Secret 
- Secret key to access the RADIUS server.
- CaptivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- CaptivePortal intSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- DhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- DhcpLease intTime 
- DHCP lease time in seconds for NAT IP address.
- DhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- DhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- DhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- DhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- DynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- EapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- EapReauth intIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- EapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- ExternalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- ExternalLogout string
- URL of external authentication logout server.
- ExternalWeb string
- URL of external authentication web server.
- ExternalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- FastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- FastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- FtMobility intDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- FtOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- FtR0Key intLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- GasComeback intDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- GasFragmentation intLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- GtkRekey intIntv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- HighEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- Hotspot20Profile string
- Hotspot 2.0 profile name.
- IgmpSnooping string
- Enable/disable IGMP snooping. Valid values: enable,disable.
- IntraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- IpsSensor string
- IPS sensor name.
- Ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- Key string
- WEP Key.
- Keyindex int
- WEP key index (1 - 4).
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- L3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- LocalAuthentication string
- Enable/disable AP local authentication. Valid values: enable,disable.
- LocalBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- LocalLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- LocalStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- LocalStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- LocalStandalone stringDns Ip 
- IPv4 addresses for the local standalone DNS.
- LocalStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- MacAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- MacCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- MacFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- MacFilter []VapLists Mac Filter List Args 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- MacFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MaxClients int
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- MaxClients intAp 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- MboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- MeDisable intThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- MeshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- Mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- MpskConcurrent intClients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- MpskKeys []VapMpsk Key Args 
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- MpskProfile string
- MPSK profile name.
- MuMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- MulticastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- MulticastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- Nac string
- Enable/disable network access control. Valid values: enable,disable.
- NacProfile string
- NAC profile name.
- Name string
- Virtual AP name.
- NasFilter stringRule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- NeighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- OweGroups string
- OWE-Groups. Valid values: 19,20,21.
- OweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- OweTransition stringSsid 
- OWE transition mode peer SSID.
- Passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- PmfAssoc intComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- PmfSa intQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- PortMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- PortMacauth intReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- PortMacauth intTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- PortalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- PortalMessage VapOverrides Portal Message Overrides Args 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- PortalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- PrimaryWag stringProfile 
- Primary wireless access gateway profile name.
- ProbeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- ProbeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- PtkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- PtkRekey intIntv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- QosProfile string
- Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- Radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- RadioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- RadiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- RadiusMac intAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- RadiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- RadiusMac []VapAuth Usergroups Radius Mac Auth Usergroup Args 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- RadiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- RadiusMac intMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- RadiusServer string
- RADIUS server to be used to authenticate WiFi users.
- Rates11a string
- Allowed data rates for 802.11a.
- Rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11acSs12 string
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11acSs34 string
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11axSs12 string
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11axSs34 string
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11beMcs stringMap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- Rates11beMcs stringMap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- Rates11beMcs stringMap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- Rates11bg string
- Allowed data rates for 802.11b/g.
- Rates11nSs12 string
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- Rates11nSs34 string
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- RoamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- SaeGroups string
- SAE-Groups. Valid values: 19,20,21.
- SaeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- SaeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- SaePassword string
- WPA3 SAE password to be used to authenticate WiFi users.
- SaePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- SaePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- ScanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- Schedule string
- VAP schedule name.
- SecondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- SecurityExempt stringList 
- Optional security exempt list for captive portal authentication.
- SecurityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- SecurityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- SelectedUsergroups []VapSelected Usergroup Args 
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- SplitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- StickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- StickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- StickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- StickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- TargetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- TkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- TunnelEcho intInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- TunnelFallback intInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroups
[]VapUsergroup Args 
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- UtmLog string
- Enable/disable UTM logging. Valid values: enable,disable.
- UtmProfile string
- UTM profile name.
- UtmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- VlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- VlanNames []VapVlan Name Args 
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- VlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- VlanPools []VapVlan Pool Args 
- VLAN pool. The structure of vlan_poolblock is documented below.
- Vlanid int
- Optional VLAN ID.
- VoiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- WebfilterProfile string
- WebFilter profile name.
- accessControl StringList 
- access-control-list profile name.
- acctInterim IntegerInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms String
- Additional AKMs.
- addressGroup String
- Address group ID.
- addressGroup StringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- akm24Only String
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- alias String
- Alias.
- antivirusProfile String
- AntiVirus profile name.
- applicationDetection StringEngine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- applicationDscp StringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- applicationList String
- Application control list name.
- applicationReport IntegerIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight Integer
- Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol.
- authCert String
- HTTPS server certificate.
- authPortal StringAddr 
- Address of captive portal.
- beaconAdvertising String
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- beaconProtection String
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- broadcastSsid String
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- broadcastSuppression String
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bssColor StringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- bstmDisassociation StringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- bstmLoad IntegerBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi IntegerDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal String
- Enable/disable captive portal. Valid values: enable,disable.
- captivePortal StringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal IntegerAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal StringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- captivePortal StringMacauth Radius Secret 
- Secret key to access the macauth RADIUS server.
- captivePortal StringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal StringRadius Secret 
- Secret key to access the RADIUS server.
- captivePortal StringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal IntegerSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress StringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- dhcpLease IntegerTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion String
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- dhcpOption82Circuit StringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcpOption82Insertion String
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- dhcpOption82Remote StringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamicVlan String
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- eapReauth String
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- eapReauth IntegerIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey StringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast StringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- externalLogout String
- URL of external authentication logout server.
- externalWeb String
- URL of external authentication web server.
- externalWeb StringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss StringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming String
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- ftMobility IntegerDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver StringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key IntegerLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback IntegerDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation IntegerLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtkRekey String
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- gtkRekey IntegerIntv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- highEfficiency String
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- hotspot20Profile String
- Hotspot 2.0 profile name.
- igmpSnooping String
- Enable/disable IGMP snooping. Valid values: enable,disable.
- intraVap StringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor String
- IPS sensor name.
- ipv6Rules String
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- key String
- WEP Key.
- keyindex Integer
- WEP key index (1 - 4).
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- l3RoamingMode String
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- localAuthentication String
- Enable/disable AP local authentication. Valid values: enable,disable.
- localBridging String
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- localLan String
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- localStandalone String
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- localStandalone StringDns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- localStandalone StringDns Ip 
- IPv4 addresses for the local standalone DNS.
- localStandalone StringNat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- macAuth StringBypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- macCalled StringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling StringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase String
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter String
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- macFilter List<VapLists Mac Filter List> 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- macFilter StringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients Integer
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients IntegerAp 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell StringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable IntegerThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul String
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- mpsk String
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- mpskConcurrent IntegerClients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpskKeys List<VapMpsk Key> 
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- mpskProfile String
- MPSK profile name.
- muMimo String
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- multicastEnhance String
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- multicastRate String
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac String
- Enable/disable network access control. Valid values: enable,disable.
- nacProfile String
- NAC profile name.
- name String
- Virtual AP name.
- nasFilter StringRule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- neighborReport StringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- oweGroups String
- OWE-Groups. Valid values: 19,20,21.
- oweTransition String
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition StringSsid 
- OWE transition mode peer SSID.
- passphrase String
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc IntegerComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa IntegerQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth String
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth IntegerReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth IntegerTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage StringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage VapOverrides Portal Message Overrides 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- portalType String
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primaryWag StringProfile 
- Primary wireless access gateway profile name.
- probeResp StringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- probeResp StringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey String
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- ptkRekey IntegerIntv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qosProfile String
- Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- radio2gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity String
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- radiusMac StringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- radiusMac IntegerAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac StringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac List<VapAuth Usergroups Radius Mac Auth Usergroup> 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- radiusMac StringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- radiusMac IntegerMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer String
- RADIUS server to be used to authenticate WiFi users.
- rates11a String
- Allowed data rates for 802.11a.
- rates11acMcs StringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12 String
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11acSs34 String
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11axMcs StringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12 String
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34 String
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11beMcs StringMap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11beMcs StringMap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11beMcs StringMap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg String
- Allowed data rates for 802.11b/g.
- rates11nSs12 String
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34 String
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct StringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- saeGroups String
- SAE-Groups. Valid values: 19,20,21.
- saeH2e StringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saeHnp StringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saePassword String
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk String
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- saePrivate StringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet StringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- schedule String
- VAP schedule name.
- secondaryWag StringProfile 
- Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal).
- securityExempt StringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete StringOption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- securityRedirect StringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups List<VapSelected Usergroup> 
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- splitTunneling String
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient StringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- stickyClient StringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient StringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient StringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake StringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- tkipCounter StringMeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- tunnelEcho IntegerInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback IntegerInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
List<VapUsergroup> 
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- utmLog String
- Enable/disable UTM logging. Valid values: enable,disable.
- utmProfile String
- UTM profile name.
- utmStatus String
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanAuto String
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- vlanNames List<VapVlan Name> 
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- vlanPooling String
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools List<VapVlan Pool> 
- VLAN pool. The structure of vlan_poolblock is documented below.
- vlanid Integer
- Optional VLAN ID.
- voiceEnterprise String
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile String
- WebFilter profile name.
- accessControl stringList 
- access-control-list profile name.
- acctInterim numberInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms string
- Additional AKMs.
- addressGroup string
- Address group ID.
- addressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- alias string
- Alias.
- antivirusProfile string
- AntiVirus profile name.
- applicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- applicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- applicationList string
- Application control list name.
- applicationReport numberIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight number
- Airtime weight in percentage (default = 20).
- auth string
- Authentication protocol.
- authCert string
- HTTPS server certificate.
- authPortal stringAddr 
- Address of captive portal.
- beaconAdvertising string
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- beaconProtection string
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- broadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- broadcastSuppression string
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- bstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- bstmLoad numberBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi numberDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal string
- Enable/disable captive portal. Valid values: enable,disable.
- captivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal numberAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- captivePortal stringMacauth Radius Secret 
- Secret key to access the macauth RADIUS server.
- captivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal stringRadius Secret 
- Secret key to access the RADIUS server.
- captivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal numberSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- dhcpLease numberTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- dhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- dhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- dynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- eapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- eapReauth numberIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- externalLogout string
- URL of external authentication logout server.
- externalWeb string
- URL of external authentication web server.
- externalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- ftMobility numberDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key numberLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback numberDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation numberLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- getAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- gtkRekey numberIntv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- highEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- hotspot20Profile string
- Hotspot 2.0 profile name.
- igmpSnooping string
- Enable/disable IGMP snooping. Valid values: enable,disable.
- intraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- ip string
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor string
- IPS sensor name.
- ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- key string
- WEP Key.
- keyindex number
- WEP key index (1 - 4).
- l3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- l3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- localAuthentication string
- Enable/disable AP local authentication. Valid values: enable,disable.
- localBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- localLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- localStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- localStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- localStandalone stringDns Ip 
- IPv4 addresses for the local standalone DNS.
- localStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- macAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- macCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- macFilter VapLists Mac Filter List[] 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- macFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- macPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients number
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients numberAp 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable numberThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- mpskConcurrent numberClients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpskKeys VapMpsk Key[] 
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- mpskProfile string
- MPSK profile name.
- muMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- multicastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- multicastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac string
- Enable/disable network access control. Valid values: enable,disable.
- nacProfile string
- NAC profile name.
- name string
- Virtual AP name.
- nasFilter stringRule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- neighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- oweGroups string
- OWE-Groups. Valid values: 19,20,21.
- oweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition stringSsid 
- OWE transition mode peer SSID.
- passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc numberComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa numberQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth numberReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth numberTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage VapOverrides Portal Message Overrides 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- portalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primaryWag stringProfile 
- Primary wireless access gateway profile name.
- probeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- probeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- ptkRekey numberIntv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qosProfile string
- Quality of service profile name.
- quarantine string
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- radiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- radiusMac numberAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac VapAuth Usergroups Radius Mac Auth Usergroup[] 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- radiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- radiusMac numberMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer string
- RADIUS server to be used to authenticate WiFi users.
- rates11a string
- Allowed data rates for 802.11a.
- rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12 string
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11acSs34 string
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12 string
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34 string
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11beMcs stringMap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11beMcs stringMap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11beMcs stringMap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg string
- Allowed data rates for 802.11b/g.
- rates11nSs12 string
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34 string
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- saeGroups string
- SAE-Groups. Valid values: 19,20,21.
- saeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saePassword string
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- saePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- schedule string
- VAP schedule name.
- secondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- securityExempt stringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- securityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups VapSelected Usergroup[] 
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- splitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- stickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- tkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- tunnelEcho numberInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback numberInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
VapUsergroup[] 
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- utmLog string
- Enable/disable UTM logging. Valid values: enable,disable.
- utmProfile string
- UTM profile name.
- utmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- vlanNames VapVlan Name[] 
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- vlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools VapVlan Pool[] 
- VLAN pool. The structure of vlan_poolblock is documented below.
- vlanid number
- Optional VLAN ID.
- voiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile string
- WebFilter profile name.
- access_control_ strlist 
- access-control-list profile name.
- acct_interim_ intinterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional_akms str
- Additional AKMs.
- address_group str
- Address group ID.
- address_group_ strpolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- akm24_only str
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- alias str
- Alias.
- antivirus_profile str
- AntiVirus profile name.
- application_detection_ strengine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- application_dscp_ strmarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- application_list str
- Application control list name.
- application_report_ intintv 
- Application report interval (30 - 864000 sec, default = 120).
- atf_weight int
- Airtime weight in percentage (default = 20).
- auth str
- Authentication protocol.
- auth_cert str
- HTTPS server certificate.
- auth_portal_ straddr 
- Address of captive portal.
- beacon_advertising str
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- beacon_protection str
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- broadcast_ssid str
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- broadcast_suppression str
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bss_color_ strpartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- bstm_disassociation_ strimminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- bstm_load_ intbalancing_ disassoc_ timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm_rssi_ intdisassoc_ timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive_portal str
- Enable/disable captive portal. Valid values: enable,disable.
- captive_portal_ strac_ name 
- Local-bridging captive portal ac-name.
- captive_portal_ intauth_ timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive_portal_ strfw_ accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- captive_portal_ strmacauth_ radius_ secret 
- Secret key to access the macauth RADIUS server.
- captive_portal_ strmacauth_ radius_ server 
- Captive portal external RADIUS server domain name or IP address.
- captive_portal_ strradius_ secret 
- Secret key to access the RADIUS server.
- captive_portal_ strradius_ server 
- Captive portal RADIUS server domain name or IP address.
- captive_portal_ intsession_ timeout_ interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcp_address_ strenforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- dhcp_lease_ inttime 
- DHCP lease time in seconds for NAT IP address.
- dhcp_option43_ strinsertion 
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- dhcp_option82_ strcircuit_ id_ insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcp_option82_ strinsertion 
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- dhcp_option82_ strremote_ id_ insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- dynamic_sort_ strsubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamic_vlan str
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- eap_reauth str
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- eap_reauth_ intintv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol_key_ strretries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt str
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- external_fast_ strroaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- external_logout str
- URL of external authentication logout server.
- external_web str
- URL of external authentication web server.
- external_web_ strformat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fast_bss_ strtransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fast_roaming str
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- ft_mobility_ intdomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft_over_ strds 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ft_r0_ intkey_ lifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas_comeback_ intdelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas_fragmentation_ intlimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- get_all_ strtables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtk_rekey str
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- gtk_rekey_ intintv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- high_efficiency str
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- hotspot20_profile str
- Hotspot 2.0 profile name.
- igmp_snooping str
- Enable/disable IGMP snooping. Valid values: enable,disable.
- intra_vap_ strprivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- ip str
- IP address and subnet mask for the local standalone NAT subnet.
- ips_sensor str
- IPS sensor name.
- ipv6_rules str
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- key str
- WEP Key.
- keyindex int
- WEP key index (1 - 4).
- l3_roaming str
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- l3_roaming_ strmode 
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc str
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- local_authentication str
- Enable/disable AP local authentication. Valid values: enable,disable.
- local_bridging str
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- local_lan str
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- local_standalone str
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- local_standalone_ strdns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- local_standalone_ strdns_ ip 
- IPv4 addresses for the local standalone DNS.
- local_standalone_ strnat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- mac_auth_ strbypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- mac_called_ strstation_ delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_calling_ strstation_ delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_case str
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- mac_filter str
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- mac_filter_ Sequence[Vaplists Mac Filter List Args] 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- mac_filter_ strpolicy_ other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- mac_password_ strdelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_username_ strdelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- max_clients int
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max_clients_ intap 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo str
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mbo_cell_ strdata_ conn_ pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- me_disable_ intthresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh_backhaul str
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- mpsk str
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- mpsk_concurrent_ intclients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpsk_keys Sequence[VapMpsk Key Args] 
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- mpsk_profile str
- MPSK profile name.
- mu_mimo str
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- multicast_enhance str
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- multicast_rate str
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k str
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v str
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac str
- Enable/disable network access control. Valid values: enable,disable.
- nac_profile str
- NAC profile name.
- name str
- Virtual AP name.
- nas_filter_ strrule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- neighbor_report_ strdual_ band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- okc str
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen str
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- owe_groups str
- OWE-Groups. Valid values: 19,20,21.
- owe_transition str
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- owe_transition_ strssid 
- OWE transition mode peer SSID.
- passphrase str
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf str
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmf_assoc_ intcomeback_ timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf_sa_ intquery_ retry_ timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port_macauth str
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- port_macauth_ intreauth_ timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port_macauth_ inttimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portal_message_ stroverride_ group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal_message_ Vapoverrides Portal Message Overrides Args 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- portal_type str
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primary_wag_ strprofile 
- Primary wireless access gateway profile name.
- probe_resp_ strsuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- probe_resp_ strthreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk_rekey str
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- ptk_rekey_ intintv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qos_profile str
- Quality of service profile name.
- quarantine str
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- radio2g_threshold str
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g_threshold str
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio_sensitivity str
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- radius_mac_ strauth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- radius_mac_ intauth_ block_ interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius_mac_ strauth_ server 
- RADIUS-based MAC authentication server.
- radius_mac_ Sequence[Vapauth_ usergroups Radius Mac Auth Usergroup Args] 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- radius_mac_ strmpsk_ auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- radius_mac_ intmpsk_ timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius_server str
- RADIUS server to be used to authenticate WiFi users.
- rates11a str
- Allowed data rates for 802.11a.
- rates11ac_mcs_ strmap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac_ss12 str
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11ac_ss34 str
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11ax_mcs_ strmap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax_ss12 str
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11ax_ss34 str
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11be_mcs_ strmap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11be_mcs_ strmap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11be_mcs_ strmap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg str
- Allowed data rates for 802.11b/g.
- rates11n_ss12 str
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11n_ss34 str
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roaming_acct_ strinterim_ update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- sae_groups str
- SAE-Groups. Valid values: 19,20,21.
- sae_h2e_ stronly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- sae_hnp_ stronly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- sae_password str
- WPA3 SAE password to be used to authenticate WiFi users.
- sae_pk str
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- sae_private_ strkey 
- Private key used for WPA3 SAE-PK authentication.
- scan_botnet_ strconnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- schedule str
- VAP schedule name.
- secondary_wag_ strprofile 
- Secondary wireless access gateway profile name.
- security str
- Security mode for the wireless interface (default = wpa2-only-personal).
- security_exempt_ strlist 
- Optional security exempt list for captive portal authentication.
- security_obsolete_ stroption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- security_redirect_ strurl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selected_usergroups Sequence[VapSelected Usergroup Args] 
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- split_tunneling str
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- ssid str
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky_client_ strremove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- sticky_client_ strthreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky_client_ strthreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky_client_ strthreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target_wake_ strtime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- tkip_counter_ strmeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- tunnel_echo_ intinterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel_fallback_ intinterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
Sequence[VapUsergroup Args] 
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- utm_log str
- Enable/disable UTM logging. Valid values: enable,disable.
- utm_profile str
- UTM profile name.
- utm_status str
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan_auto str
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- vlan_names Sequence[VapVlan Name Args] 
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- vlan_pooling str
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlan_pools Sequence[VapVlan Pool Args] 
- VLAN pool. The structure of vlan_poolblock is documented below.
- vlanid int
- Optional VLAN ID.
- voice_enterprise str
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilter_profile str
- WebFilter profile name.
- accessControl StringList 
- access-control-list profile name.
- acctInterim NumberInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms String
- Additional AKMs.
- addressGroup String
- Address group ID.
- addressGroup StringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- akm24Only String
- WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable,enable.
- alias String
- Alias.
- antivirusProfile String
- AntiVirus profile name.
- applicationDetection StringEngine 
- Enable/disable application detection engine (default = disable). Valid values: enable,disable.
- applicationDscp StringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable,disable.
- applicationList String
- Application control list name.
- applicationReport NumberIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight Number
- Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol.
- authCert String
- HTTPS server certificate.
- authPortal StringAddr 
- Address of captive portal.
- beaconAdvertising String
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- beaconProtection String
- Enable/disable beacon protection support (default = disable). Valid values: disable,enable.
- broadcastSsid String
- Enable/disable broadcasting the SSID (default = enable). Valid values: enable,disable.
- broadcastSuppression String
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bssColor StringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable,disable.
- bstmDisassociation StringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable,disable.
- bstmLoad NumberBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi NumberDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal String
- Enable/disable captive portal. Valid values: enable,disable.
- captivePortal StringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal NumberAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal StringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable,disable.
- captivePortal StringMacauth Radius Secret 
- Secret key to access the macauth RADIUS server.
- captivePortal StringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal StringRadius Secret 
- Secret key to access the RADIUS server.
- captivePortal StringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal NumberSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress StringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: enable,disable.
- dhcpLease NumberTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion String
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable,disable.
- dhcpOption82Circuit StringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcpOption82Insertion String
- Enable/disable DHCP option 82 insert (default = disable). Valid values: enable,disable.
- dhcpOption82Remote StringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1,disable.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamicVlan String
- Enable/disable dynamic VLAN assignment. Valid values: enable,disable.
- eapReauth String
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable,disable.
- eapReauth NumberIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey StringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast StringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable,disable.
- externalLogout String
- URL of external authentication logout server.
- externalWeb String
- URL of external authentication web server.
- externalWeb StringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss StringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming String
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable,disable.
- ftMobility NumberDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver StringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key NumberLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback NumberDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation NumberLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtkRekey String
- Enable/disable GTK rekey for WPA security. Valid values: enable,disable.
- gtkRekey NumberIntv 
- GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- highEfficiency String
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable,disable.
- hotspot20Profile String
- Hotspot 2.0 profile name.
- igmpSnooping String
- Enable/disable IGMP snooping. Valid values: enable,disable.
- intraVap StringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable,disable.
- ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor String
- IPS sensor name.
- ipv6Rules String
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- key String
- WEP Key.
- keyindex Number
- WEP key index (1 - 4).
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values: enable,disable.
- l3RoamingMode String
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,rx,tx,rxtx.
- localAuthentication String
- Enable/disable AP local authentication. Valid values: enable,disable.
- localBridging String
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable,disable.
- localLan String
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow,deny.
- localStandalone String
- Enable/disable AP local standalone (default = disable). Valid values: enable,disable.
- localStandalone StringDns 
- Enable/disable AP local standalone DNS. Valid values: enable,disable.
- localStandalone StringDns Ip 
- IPv4 addresses for the local standalone DNS.
- localStandalone StringNat 
- Enable/disable AP local standalone NAT mode. Valid values: enable,disable.
- macAuth StringBypass 
- Enable/disable MAC authentication bypass. Valid values: enable,disable.
- macCalled StringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling StringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase String
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter String
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable,disable.
- macFilter List<Property Map>Lists 
- Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_listblock is documented below.
- macFilter StringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow,deny.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients Number
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients NumberAp 
- Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell StringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable NumberThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul String
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable,disable.
- mpsk String
- Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable,disable.
- mpskConcurrent NumberClients 
- Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpskKeys List<Property Map>
- Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_keyblock is documented below.
- mpskProfile String
- MPSK profile name.
- muMimo String
- Enable/disable Multi-user MIMO (default = enable). Valid values: enable,disable.
- multicastEnhance String
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable,disable.
- multicastRate String
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac String
- Enable/disable network access control. Valid values: enable,disable.
- nacProfile String
- NAC profile name.
- name String
- Virtual AP name.
- nasFilter StringRule 
- Enable/disable NAS filter rule support (default = disable). Valid values: enable,disable.
- neighborReport StringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values: enable,disable.
- oweGroups String
- OWE-Groups. Valid values: 19,20,21.
- oweTransition String
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition StringSsid 
- OWE transition mode peer SSID.
- passphrase String
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc NumberComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa NumberQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth String
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth NumberReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth NumberTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage StringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage Property MapOverrides 
- Individual message overrides. The structure of portal_message_overridesblock is documented below.
- portalType String
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primaryWag StringProfile 
- Primary wireless access gateway profile name.
- probeResp StringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable,disable.
- probeResp StringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey String
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable,disable.
- ptkRekey NumberIntv 
- PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qosProfile String
- Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values: enable,disable.
- radio2gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity String
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable,disable.
- radiusMac StringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable,disable.
- radiusMac NumberAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac StringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac List<Property Map>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroupsblock is documented below.
- radiusMac StringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable,disable.
- radiusMac NumberMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer String
- RADIUS server to be used to authenticate WiFi users.
- rates11a String
- Allowed data rates for 802.11a.
- rates11acMcs StringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12 String
- Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11acSs34 String
- Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11axMcs StringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12 String
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34 String
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11beMcs StringMap 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11beMcs StringMap160 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11beMcs StringMap320 
- Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg String
- Allowed data rates for 802.11b/g.
- rates11nSs12 String
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34 String
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct StringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable,disable.
- saeGroups String
- SAE-Groups. Valid values: 19,20,21.
- saeH2e StringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saeHnp StringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable,disable.
- saePassword String
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk String
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable,disable.
- saePrivate StringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet StringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,monitor,block.
- schedule String
- VAP schedule name.
- secondaryWag StringProfile 
- Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal).
- securityExempt StringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete StringOption 
- Enable/disable obsolete security options. Valid values: enable,disable.
- securityRedirect StringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups List<Property Map>
- Selective user groups that are permitted to authenticate. The structure of selected_usergroupsblock is documented below.
- splitTunneling String
- Enable/disable split tunneling (default = disable). Valid values: enable,disable.
- ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient StringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable,disable.
- stickyClient StringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient StringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient StringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake StringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: enable,disable.
- tkipCounter StringMeasure 
- Enable/disable TKIP counter measure. Valid values: enable,disable.
- tunnelEcho NumberInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback NumberInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups List<Property Map>
- Firewall user group to be used to authenticate WiFi users. The structure of usergroupblock is documented below.
- utmLog String
- Enable/disable UTM logging. Valid values: enable,disable.
- utmProfile String
- UTM profile name.
- utmStatus String
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanAuto String
- Enable/disable automatic management of SSID VLAN interface. Valid values: enable,disable.
- vlanNames List<Property Map>
- Table for mapping VLAN name to VLAN ID. The structure of vlan_nameblock is documented below.
- vlanPooling String
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools List<Property Map>
- VLAN pool. The structure of vlan_poolblock is documented below.
- vlanid Number
- Optional VLAN ID.
- voiceEnterprise String
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile String
- WebFilter profile name.
Supporting Types
VapMacFilterList, VapMacFilterListArgs        
- Id int
- ID.
- Mac string
- MAC address.
- MacFilter stringPolicy 
- Deny or allow the client with this MAC address. Valid values: allow,deny.
- Id int
- ID.
- Mac string
- MAC address.
- MacFilter stringPolicy 
- Deny or allow the client with this MAC address. Valid values: allow,deny.
- id Integer
- ID.
- mac String
- MAC address.
- macFilter StringPolicy 
- Deny or allow the client with this MAC address. Valid values: allow,deny.
- id number
- ID.
- mac string
- MAC address.
- macFilter stringPolicy 
- Deny or allow the client with this MAC address. Valid values: allow,deny.
- id int
- ID.
- mac str
- MAC address.
- mac_filter_ strpolicy 
- Deny or allow the client with this MAC address. Valid values: allow,deny.
- id Number
- ID.
- mac String
- MAC address.
- macFilter StringPolicy 
- Deny or allow the client with this MAC address. Valid values: allow,deny.
VapMpskKey, VapMpskKeyArgs      
- Comment string
- Comment.
- ConcurrentClients string
- Number of clients that can connect using this pre-shared key.
- KeyName string
- Pre-shared key name.
- MpskSchedules List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Mpsk Key Mpsk Schedule> 
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedulesblock is documented below.
- Passphrase string
- WPA Pre-shared key.
- Comment string
- Comment.
- ConcurrentClients string
- Number of clients that can connect using this pre-shared key.
- KeyName string
- Pre-shared key name.
- MpskSchedules []VapMpsk Key Mpsk Schedule 
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedulesblock is documented below.
- Passphrase string
- WPA Pre-shared key.
- comment String
- Comment.
- concurrentClients String
- Number of clients that can connect using this pre-shared key.
- keyName String
- Pre-shared key name.
- mpskSchedules List<VapMpsk Key Mpsk Schedule> 
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedulesblock is documented below.
- passphrase String
- WPA Pre-shared key.
- comment string
- Comment.
- concurrentClients string
- Number of clients that can connect using this pre-shared key.
- keyName string
- Pre-shared key name.
- mpskSchedules VapMpsk Key Mpsk Schedule[] 
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedulesblock is documented below.
- passphrase string
- WPA Pre-shared key.
- comment str
- Comment.
- concurrent_clients str
- Number of clients that can connect using this pre-shared key.
- key_name str
- Pre-shared key name.
- mpsk_schedules Sequence[VapMpsk Key Mpsk Schedule] 
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedulesblock is documented below.
- passphrase str
- WPA Pre-shared key.
- comment String
- Comment.
- concurrentClients String
- Number of clients that can connect using this pre-shared key.
- keyName String
- Pre-shared key name.
- mpskSchedules List<Property Map>
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedulesblock is documented below.
- passphrase String
- WPA Pre-shared key.
VapMpskKeyMpskSchedule, VapMpskKeyMpskScheduleArgs          
- Name string
- Schedule name.
- Name string
- Schedule name.
- name String
- Schedule name.
- name string
- Schedule name.
- name str
- Schedule name.
- name String
- Schedule name.
VapPortalMessageOverrides, VapPortalMessageOverridesArgs        
- AuthDisclaimer stringPage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- AuthLogin stringFailed Page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- AuthLogin stringPage 
- Override auth-login-page message with message from portal-message-overrides group.
- AuthReject stringPage 
- Override auth-reject-page message with message from portal-message-overrides group.
- AuthDisclaimer stringPage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- AuthLogin stringFailed Page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- AuthLogin stringPage 
- Override auth-login-page message with message from portal-message-overrides group.
- AuthReject stringPage 
- Override auth-reject-page message with message from portal-message-overrides group.
- authDisclaimer StringPage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- authLogin StringFailed Page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- authLogin StringPage 
- Override auth-login-page message with message from portal-message-overrides group.
- authReject StringPage 
- Override auth-reject-page message with message from portal-message-overrides group.
- authDisclaimer stringPage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- authLogin stringFailed Page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- authLogin stringPage 
- Override auth-login-page message with message from portal-message-overrides group.
- authReject stringPage 
- Override auth-reject-page message with message from portal-message-overrides group.
- auth_disclaimer_ strpage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- auth_login_ strfailed_ page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- auth_login_ strpage 
- Override auth-login-page message with message from portal-message-overrides group.
- auth_reject_ strpage 
- Override auth-reject-page message with message from portal-message-overrides group.
- authDisclaimer StringPage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- authLogin StringFailed Page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- authLogin StringPage 
- Override auth-login-page message with message from portal-message-overrides group.
- authReject StringPage 
- Override auth-reject-page message with message from portal-message-overrides group.
VapRadiusMacAuthUsergroup, VapRadiusMacAuthUsergroupArgs          
- Name string
- User group name.
- Name string
- User group name.
- name String
- User group name.
- name string
- User group name.
- name str
- User group name.
- name String
- User group name.
VapSelectedUsergroup, VapSelectedUsergroupArgs      
- Name string
- User group name.
- Name string
- User group name.
- name String
- User group name.
- name string
- User group name.
- name str
- User group name.
- name String
- User group name.
VapUsergroup, VapUsergroupArgs    
- Name string
- User group name.
- Name string
- User group name.
- name String
- User group name.
- name string
- User group name.
- name str
- User group name.
- name String
- User group name.
VapVlanName, VapVlanNameArgs      
VapVlanPool, VapVlanPoolArgs      
Import
WirelessController Vap can be imported using any of these accepted formats:
$ pulumi import fortios:wirelesscontroller/vap:Vap labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:wirelesscontroller/vap:Vap labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the fortiosTerraform Provider.
