fortigate

package
v0.0.0-...-24a86a4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 14, 2018 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	CsrfToken = "ccsrftoken"

	CsrfTokenHeader = "X-Csrftoken"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Client 

type Client interface {

	// List all VIPs
	ListVIPs() ([]*VIP, error)

	// Get a VIP by name
	GetVIP(mkey string) (*VIP, error)

	// Create a new VIP
	CreateVIP(*VIP) (string, error)

	// Update a VIP
	UpdateVIP(*VIP) error

	// Delete a VIP by name
	DeleteVIP(mkey string) error

	// List all FirewallPolicys
	ListFirewallPolicys() ([]*FirewallPolicy, error)

	// Get a FirewallPolicy by ID
	GetFirewallPolicy(mkey int) (*FirewallPolicy, error)

	// Get a FirewallPolicy by name
	GetFirewallPolicyByName(name string) (*FirewallPolicy, error)

	// Create a new FirewallPolicy
	CreateFirewallPolicy(*FirewallPolicy) (int, error)

	// Update a FirewallPolicy
	UpdateFirewallPolicy(*FirewallPolicy) error

	// Delete a FirewallPolicy by name
	DeleteFirewallPolicy(mkey int) error
}

A fortigate API client

type Endpoint 

type Endpoint struct {
	Path   string `json:"path"`
	Name   string `json:"name"`
	Alias  string
	Schema Schema `json:"schema"`
}

type FakeClient 

type FakeClient struct {
	VIPs map[string]*VIP

	FirewallPolicys map[int]*FirewallPolicy

	FirewallPolicyCounter int
}

Fake Fortigate Client

func NewFakeClient 

func NewFakeClient() *FakeClient

Create a new fake client

func (*FakeClient) CreateFirewallPolicy 

func (c *FakeClient) CreateFirewallPolicy(obj *FirewallPolicy) (id int, err error)

Create a new FirewallPolicy

func (*FakeClient) CreateVIP 

func (c *FakeClient) CreateVIP(obj *VIP) (id string, err error)

Create a new VIP

func (*FakeClient) DeleteFirewallPolicy 

func (c *FakeClient) DeleteFirewallPolicy(mkey int) (err error)

Delete a FirewallPolicy by name

func (*FakeClient) DeleteVIP 

func (c *FakeClient) DeleteVIP(mkey string) (err error)

Delete a VIP by name

func (*FakeClient) GetFirewallPolicy 

func (c *FakeClient) GetFirewallPolicy(mkey int) (*FirewallPolicy, error)

Get a FirewallPolicy by ID

func (*FakeClient) GetFirewallPolicyByName 

func (c *FakeClient) GetFirewallPolicyByName(name string) (res *FirewallPolicy, err error)

Get a FirewallPolicy by name

func (*FakeClient) GetVIP 

func (c *FakeClient) GetVIP(mkey string) (*VIP, error)

Get a VIP by name

func (*FakeClient) ListFirewallPolicys 

func (c *FakeClient) ListFirewallPolicys() (res []*FirewallPolicy, err error)

List all FirewallPolicys

func (*FakeClient) ListVIPs 

func (c *FakeClient) ListVIPs() (res []*VIP, err error)

List all VIPs

func (*FakeClient) UpdateFirewallPolicy 

func (c *FakeClient) UpdateFirewallPolicy(obj *FirewallPolicy) (err error)

Update a FirewallPolicy

func (*FakeClient) UpdateVIP 

func (c *FakeClient) UpdateVIP(obj *VIP) (err error)

Update a VIP

type FirewallPolicy 

type FirewallPolicy struct {

	// Policy action (allow/deny/ipsec).
	Action FirewallPolicyAction `json:"action,omitempty"`

	// Application category ID list.
	AppCategory []FirewallPolicyAppCategory `json:"app-category,omitempty"`

	// Application ID list.
	Application []FirewallPolicyApplication `json:"application,omitempty"`

	// Name of an existing Application list.
	ApplicationList string `json:"application-list,omitempty"`

	// HTTPS server certificate for policy authentication.
	AuthCert string `json:"auth-cert,omitempty"`

	// Enable/disable authentication-based routing.
	AuthPath FirewallPolicyAuthPath `json:"auth-path,omitempty"`

	// HTTP-to-HTTPS redirect address for firewall authentication.
	AuthRedirectAddr string `json:"auth-redirect-addr,omitempty"`

	// Name of an existing Antivirus profile.
	AvProfile string `json:"av-profile,omitempty"`

	// Enable/disable block notification.
	BlockNotification FirewallPolicyBlockNotification `json:"block-notification,omitempty"`

	// Enable to exempt some users from the captive portal.
	CaptivePortalExempt FirewallPolicyCaptivePortalExempt `json:"captive-portal-exempt,omitempty"`

	// Comment.
	Comments string `json:"comments,omitempty"`

	// Custom fields to append to log messages for this policy.
	CustomLogFields []FirewallPolicyCustomLogFields `json:"custom-log-fields,omitempty"`

	// Enable TCP NPU session delay to guarantee packet order of 3-way handshake.
	DelayTcpNpuSession FirewallPolicyDelayTcpNpuSession `json:"delay-tcp-npu-session,omitempty"`

	// Names of devices or device groups that can be matched by the policy.
	Devices []FirewallPolicyDevices `json:"devices,omitempty"`

	// Enable to change packet's DiffServ values to the specified diffservcode-forward value.
	DiffservForward FirewallPolicyDiffservForward `json:"diffserv-forward,omitempty"`

	// Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
	DiffservReverse FirewallPolicyDiffservReverse `json:"diffserv-reverse,omitempty"`

	// Change packet's DiffServ to this value.
	DiffservcodeForward string `json:"diffservcode-forward,omitempty"`

	// Change packet's reverse (reply) DiffServ to this value.
	DiffservcodeRev string `json:"diffservcode-rev,omitempty"`

	// Enable/disable user authentication disclaimer.
	Disclaimer FirewallPolicyDisclaimer `json:"disclaimer,omitempty"`

	// Name of an existing DLP sensor.
	DlpSensor string `json:"dlp-sensor,omitempty"`

	// Name of an existing DNS filter profile.
	DnsfilterProfile string `json:"dnsfilter-profile,omitempty"`

	// Enable DSCP check.
	DscpMatch FirewallPolicyDscpMatch `json:"dscp-match,omitempty"`

	// Enable negated DSCP match.
	DscpNegate FirewallPolicyDscpNegate `json:"dscp-negate,omitempty"`

	// DSCP value.
	DscpValue string `json:"dscp-value,omitempty"`

	// Enable DSRI to ignore HTTP server responses.
	Dsri FirewallPolicyDsri `json:"dsri,omitempty"`

	// Destination address and address group names.
	Dstaddr []FirewallPolicyDstaddr `json:"dstaddr,omitempty"`

	// When enabled dstaddr specifies what the destination address must NOT be.
	DstaddrNegate FirewallPolicyDstaddrNegate `json:"dstaddr-negate,omitempty"`

	// Outgoing (egress) interface.
	Dstintf []FirewallPolicyDstintf `json:"dstintf,omitempty"`

	// How to handle sessions if the configuration of this firewall policy changes.
	FirewallSessionDirty FirewallPolicyFirewallSessionDirty `json:"firewall-session-dirty,omitempty"`

	// Enable to prevent source NAT from changing a session's source port.
	Fixedport FirewallPolicyFixedport `json:"fixedport,omitempty"`

	// Enable/disable Fortinet Single Sign-On.
	Fsso FirewallPolicyFsso `json:"fsso,omitempty"`

	// FSSO agent to use for NTLM authentication.
	FssoAgentForNtlm string `json:"fsso-agent-for-ntlm,omitempty"`

	// Label for the policy that appears when the GUI is in Global View mode.
	GlobalLabel string `json:"global-label,omitempty"`

	// Names of user groups that can authenticate with this policy.
	Groups []FirewallPolicyGroups `json:"groups,omitempty"`

	// Name of an existing ICAP profile.
	IcapProfile string `json:"icap-profile,omitempty"`

	// Name of identity-based routing rule.
	IdentityBasedRoute string `json:"identity-based-route,omitempty"`

	// Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN.
	Inbound FirewallPolicyInbound `json:"inbound,omitempty"`

	// Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
	InternetService FirewallPolicyInternetService `json:"internet-service,omitempty"`

	// Custom Internet Service Name.
	InternetServiceCustom []FirewallPolicyInternetServiceCustom `json:"internet-service-custom,omitempty"`

	// Internet Service ID.
	InternetServiceId []FirewallPolicyInternetServiceId `json:"internet-service-id,omitempty"`

	// When enabled internet-service specifies what the service must NOT be.
	InternetServiceNegate FirewallPolicyInternetServiceNegate `json:"internet-service-negate,omitempty"`

	// Enable to use IP Pools for source NAT.
	Ippool FirewallPolicyIppool `json:"ippool,omitempty"`

	// Name of an existing IPS sensor.
	IpsSensor string `json:"ips-sensor,omitempty"`

	// Label for the policy that appears when the GUI is in Section View mode.
	Label string `json:"label,omitempty"`

	// Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated.
	LearningMode FirewallPolicyLearningMode `json:"learning-mode,omitempty"`

	// Enable or disable logging. Log all sessions or security profile sessions.
	Logtraffic FirewallPolicyLogtraffic `json:"logtraffic,omitempty"`

	// Record logs when a session starts and ends.
	LogtrafficStart FirewallPolicyLogtrafficStart `json:"logtraffic-start,omitempty"`

	// Enable to match packets that have had their destination addresses changed by a VIP.
	MatchVip FirewallPolicyMatchVip `json:"match-vip,omitempty"`

	// Policy name.
	Name string `json:"name,omitempty"`

	// Enable/disable source NAT.
	Nat FirewallPolicyNat `json:"nat,omitempty"`

	// Policy-based IPsec VPN: apply destination NAT to inbound traffic.
	Natinbound FirewallPolicyNatinbound `json:"natinbound,omitempty"`

	// Policy-based IPsec VPN: source NAT IP address for outgoing traffic.
	Natip string `json:"natip,omitempty"`

	// Policy-based IPsec VPN: apply source NAT to outbound traffic.
	Natoutbound FirewallPolicyNatoutbound `json:"natoutbound,omitempty"`

	// Enable/disable NTLM authentication.
	Ntlm FirewallPolicyNtlm `json:"ntlm,omitempty"`

	// HTTP-User-Agent value of supported browsers.
	NtlmEnabledBrowsers []FirewallPolicyNtlmEnabledBrowsers `json:"ntlm-enabled-browsers,omitempty"`

	// Enable/disable NTLM guest user access.
	NtlmGuest FirewallPolicyNtlmGuest `json:"ntlm-guest,omitempty"`

	// Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN.
	Outbound FirewallPolicyOutbound `json:"outbound,omitempty"`

	// Per-IP traffic shaper.
	PerIpShaper string `json:"per-ip-shaper,omitempty"`

	// Accept UDP packets from any host.
	PermitAnyHost FirewallPolicyPermitAnyHost `json:"permit-any-host,omitempty"`

	// Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host.
	PermitStunHost FirewallPolicyPermitStunHost `json:"permit-stun-host,omitempty"`

	// Policy ID.
	Policyid int `json:"policyid,omitempty"`

	// IP Pool names.
	Poolname []FirewallPolicyPoolname `json:"poolname,omitempty"`

	// Name of profile group.
	ProfileGroup string `json:"profile-group,omitempty"`

	// Name of an existing Protocol options profile.
	ProfileProtocolOptions string `json:"profile-protocol-options,omitempty"`

	// Determine whether the firewall policy allows security profile groups or single profiles only.
	ProfileType FirewallPolicyProfileType `json:"profile-type,omitempty"`

	// Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server.
	RadiusMacAuthBypass FirewallPolicyRadiusMacAuthBypass `json:"radius-mac-auth-bypass,omitempty"`

	// URL users are directed to after seeing and accepting the disclaimer or authenticating.
	RedirectUrl string `json:"redirect-url,omitempty"`

	// Override the default replacement message group for this policy.
	ReplacemsgOverrideGroup string `json:"replacemsg-override-group,omitempty"`

	// Enable/disable RADIUS single sign-on (RSSO).
	Rsso FirewallPolicyRsso `json:"rsso,omitempty"`

	// Address names if this is an RTP NAT policy.
	RtpAddr []FirewallPolicyRtpAddr `json:"rtp-addr,omitempty"`

	// Enable Real Time Protocol (RTP) NAT.
	RtpNat FirewallPolicyRtpNat `json:"rtp-nat,omitempty"`

	// Block or monitor connections to Botnet servers or disable Botnet scanning.
	ScanBotnetConnections FirewallPolicyScanBotnetConnections `json:"scan-botnet-connections,omitempty"`

	// Schedule name.
	Schedule string `json:"schedule,omitempty"`

	// Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity.
	ScheduleTimeout FirewallPolicyScheduleTimeout `json:"schedule-timeout,omitempty"`

	// Enable to send a reply when a session is denied or blocked by a firewall policy.
	SendDenyPacket FirewallPolicySendDenyPacket `json:"send-deny-packet,omitempty"`

	// Service and service group names.
	Service []FirewallPolicyService `json:"service,omitempty"`

	// When enabled service specifies what the service must NOT be.
	ServiceNegate FirewallPolicyServiceNegate `json:"service-negate,omitempty"`

	// Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
	SessionTtl int `json:"session-ttl,omitempty"`

	// Name of an existing Spam filter profile.
	SpamfilterProfile string `json:"spamfilter-profile,omitempty"`

	// Source address and address group names.
	Srcaddr []FirewallPolicySrcaddr `json:"srcaddr,omitempty"`

	// When enabled srcaddr specifies what the source address must NOT be.
	SrcaddrNegate FirewallPolicySrcaddrNegate `json:"srcaddr-negate,omitempty"`

	// Incoming (ingress) interface.
	Srcintf []FirewallPolicySrcintf `json:"srcintf,omitempty"`

	// Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring).
	SslMirror FirewallPolicySslMirror `json:"ssl-mirror,omitempty"`

	// SSL mirror interface name.
	SslMirrorIntf []FirewallPolicySslMirrorIntf `json:"ssl-mirror-intf,omitempty"`

	// Name of an existing SSL SSH profile.
	SslSshProfile string `json:"ssl-ssh-profile,omitempty"`

	// Enable or disable this policy.
	Status FirewallPolicyStatus `json:"status,omitempty"`

	// Names of object-tags applied to this policy.
	Tags []FirewallPolicyTags `json:"tags,omitempty"`

	// Receiver TCP maximum segment size (MSS).
	TcpMssReceiver int `json:"tcp-mss-receiver,omitempty"`

	// Sender TCP maximum segment size (MSS).
	TcpMssSender int `json:"tcp-mss-sender,omitempty"`

	// Enable/disable creation of TCP session without SYN flag.
	TcpSessionWithoutSyn FirewallPolicyTcpSessionWithoutSyn `json:"tcp-session-without-syn,omitempty"`

	// Enable/disable sending RST packets when TCP sessions expire.
	TimeoutSendRst FirewallPolicyTimeoutSendRst `json:"timeout-send-rst,omitempty"`

	// Traffic shaper.
	TrafficShaper string `json:"traffic-shaper,omitempty"`

	// Reverse traffic shaper.
	TrafficShaperReverse string `json:"traffic-shaper-reverse,omitempty"`

	// URL category ID list.
	UrlCategory []FirewallPolicyUrlCategory `json:"url-category,omitempty"`

	// Names of individual users that can authenticate with this policy.
	Users []FirewallPolicyUsers `json:"users,omitempty"`

	// Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
	UtmStatus FirewallPolicyUtmStatus `json:"utm-status,omitempty"`

	// Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
	Uuid string `json:"uuid,omitempty"`

	// VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest.
	VlanCosFwd int `json:"vlan-cos-fwd,omitempty"`

	// VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest..
	VlanCosRev int `json:"vlan-cos-rev,omitempty"`

	// Name of an existing VoIP profile.
	VoipProfile string `json:"voip-profile,omitempty"`

	// Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
	Vpntunnel string `json:"vpntunnel,omitempty"`

	// Name of an existing Web application firewall profile.
	WafProfile string `json:"waf-profile,omitempty"`

	// Enable/disable forwarding traffic matching this policy to a configured WCCP server.
	Wccp FirewallPolicyWccp `json:"wccp,omitempty"`

	// Name of an existing Web filter profile.
	WebfilterProfile string `json:"webfilter-profile,omitempty"`

	// Enable/disable WiFi Single Sign On (WSSO).
	Wsso FirewallPolicyWsso `json:"wsso,omitempty"`
}

Configure IPv4 policies.

func (*FirewallPolicy) MKey 

func (x *FirewallPolicy) MKey() int

Returns the value that identifies a FirewallPolicy

type FirewallPolicyAction 

type FirewallPolicyAction string

Policy action (allow/deny/ipsec). 

const (
	// Allows session that match the firewall policy.
	FirewallPolicyActionAccept FirewallPolicyAction = "accept"

	// Blocks sessions that match the firewall policy.
	FirewallPolicyActionDeny FirewallPolicyAction = "deny"

	// Firewall policy becomes a policy-based IPsec VPN policy.
	FirewallPolicyActionIpsec FirewallPolicyAction = "ipsec"
)

type FirewallPolicyAppCategory 

type FirewallPolicyAppCategory struct {

	// Category IDs.
	Id int `json:"id,omitempty"`
}

Application category ID list.

type FirewallPolicyApplication 

type FirewallPolicyApplication struct {

	// Application IDs.
	Id int `json:"id,omitempty"`
}

Application ID list.

type FirewallPolicyAuthPath 

type FirewallPolicyAuthPath string

Enable/disable authentication-based routing. 

const (
	// Enable authentication-based routing.
	FirewallPolicyAuthPathEnable FirewallPolicyAuthPath = "enable"

	// Disable authentication-based routing.
	FirewallPolicyAuthPathDisable FirewallPolicyAuthPath = "disable"
)

type FirewallPolicyBlockNotification 

type FirewallPolicyBlockNotification string

Enable/disable block notification. 

const (
	// Enable setting.
	FirewallPolicyBlockNotificationEnable FirewallPolicyBlockNotification = "enable"

	// Disable setting.
	FirewallPolicyBlockNotificationDisable FirewallPolicyBlockNotification = "disable"
)

type FirewallPolicyCaptivePortalExempt 

type FirewallPolicyCaptivePortalExempt string

Enable to exempt some users from the captive portal. 

const (
	// Enable exemption of captive portal.
	FirewallPolicyCaptivePortalExemptEnable FirewallPolicyCaptivePortalExempt = "enable"

	// Disable exemption of captive portal.
	FirewallPolicyCaptivePortalExemptDisable FirewallPolicyCaptivePortalExempt = "disable"
)

type FirewallPolicyCustomLogFields 

type FirewallPolicyCustomLogFields struct {

	// Custom log field.
	FieldId string `json:"field-id,omitempty"`
}

Custom fields to append to log messages for this policy.

type FirewallPolicyDelayTcpNpuSession 

type FirewallPolicyDelayTcpNpuSession string

Enable TCP NPU session delay to guarantee packet order of 3-way handshake. 

const (
	// Enable TCP NPU session delay in order to guarantee packet order of 3-way handshake.
	FirewallPolicyDelayTcpNpuSessionEnable FirewallPolicyDelayTcpNpuSession = "enable"

	// Disable TCP NPU session delay in order to guarantee packet order of 3-way handshake.
	FirewallPolicyDelayTcpNpuSessionDisable FirewallPolicyDelayTcpNpuSession = "disable"
)

type FirewallPolicyDevices 

type FirewallPolicyDevices struct {

	// Device or group name.
	Name string `json:"name,omitempty"`
}

Names of devices or device groups that can be matched by the policy.

type FirewallPolicyDiffservForward 

type FirewallPolicyDiffservForward string

Enable to change packet's DiffServ values to the specified diffservcode-forward value. 

const (
	// Enable WAN optimization.
	FirewallPolicyDiffservForwardEnable FirewallPolicyDiffservForward = "enable"

	// Disable WAN optimization.
	FirewallPolicyDiffservForwardDisable FirewallPolicyDiffservForward = "disable"
)

type FirewallPolicyDiffservReverse 

type FirewallPolicyDiffservReverse string

Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. 

const (
	// Enable setting.
	FirewallPolicyDiffservReverseEnable FirewallPolicyDiffservReverse = "enable"

	// Disable setting.
	FirewallPolicyDiffservReverseDisable FirewallPolicyDiffservReverse = "disable"
)

type FirewallPolicyDisclaimer 

type FirewallPolicyDisclaimer string

Enable/disable user authentication disclaimer. 

const (
	// Enable user authentication disclaimer.
	FirewallPolicyDisclaimerEnable FirewallPolicyDisclaimer = "enable"

	// Disable user authentication disclaimer.
	FirewallPolicyDisclaimerDisable FirewallPolicyDisclaimer = "disable"
)

type FirewallPolicyDscpMatch 

type FirewallPolicyDscpMatch string

Enable DSCP check. 

const (
	// Enable DSCP check.
	FirewallPolicyDscpMatchEnable FirewallPolicyDscpMatch = "enable"

	// Disable DSCP check.
	FirewallPolicyDscpMatchDisable FirewallPolicyDscpMatch = "disable"
)

type FirewallPolicyDscpNegate 

type FirewallPolicyDscpNegate string

Enable negated DSCP match. 

const (
	// Enable DSCP negate.
	FirewallPolicyDscpNegateEnable FirewallPolicyDscpNegate = "enable"

	// Disable DSCP negate.
	FirewallPolicyDscpNegateDisable FirewallPolicyDscpNegate = "disable"
)

type FirewallPolicyDsri 

type FirewallPolicyDsri string

Enable DSRI to ignore HTTP server responses. 

const (
	// Enable DSRI.
	FirewallPolicyDsriEnable FirewallPolicyDsri = "enable"

	// Disable DSRI.
	FirewallPolicyDsriDisable FirewallPolicyDsri = "disable"
)

type FirewallPolicyDstaddr 

type FirewallPolicyDstaddr struct {

	// Address name.
	Name string `json:"name,omitempty"`
}

Destination address and address group names.

type FirewallPolicyDstaddrNegate 

type FirewallPolicyDstaddrNegate string

When enabled dstaddr specifies what the destination address must NOT be. 

const (
	// Enable destination address negate.
	FirewallPolicyDstaddrNegateEnable FirewallPolicyDstaddrNegate = "enable"

	// Disable destination address negate.
	FirewallPolicyDstaddrNegateDisable FirewallPolicyDstaddrNegate = "disable"
)

type FirewallPolicyDstintf 

type FirewallPolicyDstintf struct {

	// Interface name.
	Name string `json:"name,omitempty"`
}

Outgoing (egress) interface.

type FirewallPolicyFirewallSessionDirty 

type FirewallPolicyFirewallSessionDirty string

How to handle sessions if the configuration of this firewall policy changes. 

const (
	// Flush all current sessions accepted by this policy. These sessions must be started and re-matched with policies.
	FirewallPolicyFirewallSessionDirtyCheckAll FirewallPolicyFirewallSessionDirty = "check-all"

	// Continue to allow sessions already accepted by this policy.
	FirewallPolicyFirewallSessionDirtyCheckNew FirewallPolicyFirewallSessionDirty = "check-new"
)

type FirewallPolicyFixedport 

type FirewallPolicyFixedport string

Enable to prevent source NAT from changing a session's source port. 

const (
	// Enable setting.
	FirewallPolicyFixedportEnable FirewallPolicyFixedport = "enable"

	// Disable setting.
	FirewallPolicyFixedportDisable FirewallPolicyFixedport = "disable"
)

type FirewallPolicyFsso 

type FirewallPolicyFsso string

Enable/disable Fortinet Single Sign-On. 

const (
	// Enable setting.
	FirewallPolicyFssoEnable FirewallPolicyFsso = "enable"

	// Disable setting.
	FirewallPolicyFssoDisable FirewallPolicyFsso = "disable"
)

type FirewallPolicyGroups 

type FirewallPolicyGroups struct {

	// Group name.
	Name string `json:"name,omitempty"`
}

Names of user groups that can authenticate with this policy.

type FirewallPolicyInbound 

type FirewallPolicyInbound string

Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. 

const (
	// Enable setting.
	FirewallPolicyInboundEnable FirewallPolicyInbound = "enable"

	// Disable setting.
	FirewallPolicyInboundDisable FirewallPolicyInbound = "disable"
)

type FirewallPolicyInternetService 

type FirewallPolicyInternetService string

Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. 

const (
	// Enable use of Internet Services in policy.
	FirewallPolicyInternetServiceEnable FirewallPolicyInternetService = "enable"

	// Disable use of Internet Services in policy.
	FirewallPolicyInternetServiceDisable FirewallPolicyInternetService = "disable"
)

type FirewallPolicyInternetServiceCustom 

type FirewallPolicyInternetServiceCustom struct {

	// Custom Internet Service name.
	Name string `json:"name,omitempty"`
}

Custom Internet Service Name.

type FirewallPolicyInternetServiceId 

type FirewallPolicyInternetServiceId struct {

	// Internet Service ID.
	Id int `json:"id,omitempty"`
}

Internet Service ID.

type FirewallPolicyInternetServiceNegate 

type FirewallPolicyInternetServiceNegate string

When enabled internet-service specifies what the service must NOT be. 

const (
	// Enable negated Internet Service match.
	FirewallPolicyInternetServiceNegateEnable FirewallPolicyInternetServiceNegate = "enable"

	// Disable negated Internet Service match.
	FirewallPolicyInternetServiceNegateDisable FirewallPolicyInternetServiceNegate = "disable"
)

type FirewallPolicyIppool 

type FirewallPolicyIppool string

Enable to use IP Pools for source NAT. 

const (
	// Enable setting.
	FirewallPolicyIppoolEnable FirewallPolicyIppool = "enable"

	// Disable setting.
	FirewallPolicyIppoolDisable FirewallPolicyIppool = "disable"
)

type FirewallPolicyLearningMode 

type FirewallPolicyLearningMode string

Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. 

const (
	// Enable learning mode in firewall policy.
	FirewallPolicyLearningModeEnable FirewallPolicyLearningMode = "enable"

	// Disable learning mode in firewall policy.
	FirewallPolicyLearningModeDisable FirewallPolicyLearningMode = "disable"
)

type FirewallPolicyLogtraffic 

type FirewallPolicyLogtraffic string

Enable or disable logging. Log all sessions or security profile sessions. 

const (
	// Log all sessions accepted or denied by this policy.
	FirewallPolicyLogtrafficAll FirewallPolicyLogtraffic = "all"

	// Log traffic that has a security profile applied to it.
	FirewallPolicyLogtrafficUtm FirewallPolicyLogtraffic = "utm"

	// Disable all logging for this policy.
	FirewallPolicyLogtrafficDisable FirewallPolicyLogtraffic = "disable"
)

type FirewallPolicyLogtrafficStart 

type FirewallPolicyLogtrafficStart string

Record logs when a session starts and ends. 

const (
	// Enable setting.
	FirewallPolicyLogtrafficStartEnable FirewallPolicyLogtrafficStart = "enable"

	// Disable setting.
	FirewallPolicyLogtrafficStartDisable FirewallPolicyLogtrafficStart = "disable"
)

type FirewallPolicyMatchVip 

type FirewallPolicyMatchVip string

Enable to match packets that have had their destination addresses changed by a VIP. 

const (
	// Match DNATed packet.
	FirewallPolicyMatchVipEnable FirewallPolicyMatchVip = "enable"

	// Do not match DNATed packet.
	FirewallPolicyMatchVipDisable FirewallPolicyMatchVip = "disable"
)

type FirewallPolicyNat 

type FirewallPolicyNat string

Enable/disable source NAT. 

const (
	// Enable setting.
	FirewallPolicyNatEnable FirewallPolicyNat = "enable"

	// Disable setting.
	FirewallPolicyNatDisable FirewallPolicyNat = "disable"
)

type FirewallPolicyNatinbound 

type FirewallPolicyNatinbound string

Policy-based IPsec VPN: apply destination NAT to inbound traffic. 

const (
	// Enable setting.
	FirewallPolicyNatinboundEnable FirewallPolicyNatinbound = "enable"

	// Disable setting.
	FirewallPolicyNatinboundDisable FirewallPolicyNatinbound = "disable"
)

type FirewallPolicyNatoutbound 

type FirewallPolicyNatoutbound string

Policy-based IPsec VPN: apply source NAT to outbound traffic. 

const (
	// Enable setting.
	FirewallPolicyNatoutboundEnable FirewallPolicyNatoutbound = "enable"

	// Disable setting.
	FirewallPolicyNatoutboundDisable FirewallPolicyNatoutbound = "disable"
)

type FirewallPolicyNtlm 

type FirewallPolicyNtlm string

Enable/disable NTLM authentication. 

const (
	// Enable setting.
	FirewallPolicyNtlmEnable FirewallPolicyNtlm = "enable"

	// Disable setting.
	FirewallPolicyNtlmDisable FirewallPolicyNtlm = "disable"
)

type FirewallPolicyNtlmEnabledBrowsers 

type FirewallPolicyNtlmEnabledBrowsers struct {

	// User agent string.
	UserAgentString string `json:"user-agent-string,omitempty"`
}

HTTP-User-Agent value of supported browsers.

type FirewallPolicyNtlmGuest 

type FirewallPolicyNtlmGuest string

Enable/disable NTLM guest user access. 

const (
	// Enable setting.
	FirewallPolicyNtlmGuestEnable FirewallPolicyNtlmGuest = "enable"

	// Disable setting.
	FirewallPolicyNtlmGuestDisable FirewallPolicyNtlmGuest = "disable"
)

type FirewallPolicyOutbound 

type FirewallPolicyOutbound string

Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. 

const (
	// Enable setting.
	FirewallPolicyOutboundEnable FirewallPolicyOutbound = "enable"

	// Disable setting.
	FirewallPolicyOutboundDisable FirewallPolicyOutbound = "disable"
)

type FirewallPolicyPermitAnyHost 

type FirewallPolicyPermitAnyHost string

Accept UDP packets from any host. 

const (
	// Enable setting.
	FirewallPolicyPermitAnyHostEnable FirewallPolicyPermitAnyHost = "enable"

	// Disable setting.
	FirewallPolicyPermitAnyHostDisable FirewallPolicyPermitAnyHost = "disable"
)

type FirewallPolicyPermitStunHost 

type FirewallPolicyPermitStunHost string

Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. 

const (
	// Enable setting.
	FirewallPolicyPermitStunHostEnable FirewallPolicyPermitStunHost = "enable"

	// Disable setting.
	FirewallPolicyPermitStunHostDisable FirewallPolicyPermitStunHost = "disable"
)

type FirewallPolicyPoolname 

type FirewallPolicyPoolname struct {

	// IP pool name.
	Name string `json:"name,omitempty"`
}

IP Pool names.

type FirewallPolicyProfileType 

type FirewallPolicyProfileType string

Determine whether the firewall policy allows security profile groups or single profiles only. 

const (
	// Do not allow security profile groups.
	FirewallPolicyProfileTypeSingle FirewallPolicyProfileType = "single"

	// Allow security profile groups.
	FirewallPolicyProfileTypeGroup FirewallPolicyProfileType = "group"
)

type FirewallPolicyRadiusMacAuthBypass 

type FirewallPolicyRadiusMacAuthBypass string

Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server. 

const (
	// Enable MAC authentication bypass.
	FirewallPolicyRadiusMacAuthBypassEnable FirewallPolicyRadiusMacAuthBypass = "enable"

	// Disable MAC authentication bypass.
	FirewallPolicyRadiusMacAuthBypassDisable FirewallPolicyRadiusMacAuthBypass = "disable"
)

type FirewallPolicyResults 

type FirewallPolicyResults struct {
	Results []*FirewallPolicy `json:"results"`
	Mkey    int               `json:"mkey"`
	Result
}

The results of a Get or List operation

type FirewallPolicyRsso 

type FirewallPolicyRsso string

Enable/disable RADIUS single sign-on (RSSO). 

const (
	// Enable setting.
	FirewallPolicyRssoEnable FirewallPolicyRsso = "enable"

	// Disable setting.
	FirewallPolicyRssoDisable FirewallPolicyRsso = "disable"
)

type FirewallPolicyRtpAddr 

type FirewallPolicyRtpAddr struct {

	// Address name.
	Name string `json:"name,omitempty"`
}

Address names if this is an RTP NAT policy.

type FirewallPolicyRtpNat 

type FirewallPolicyRtpNat string

Enable Real Time Protocol (RTP) NAT. 

const (
	// Disable setting.
	FirewallPolicyRtpNatDisable FirewallPolicyRtpNat = "disable"

	// Enable setting.
	FirewallPolicyRtpNatEnable FirewallPolicyRtpNat = "enable"
)

type FirewallPolicyScanBotnetConnections 

type FirewallPolicyScanBotnetConnections string

Block or monitor connections to Botnet servers or disable Botnet scanning. 

const (
	// Do not scan connections to botnet servers.
	FirewallPolicyScanBotnetConnectionsDisable FirewallPolicyScanBotnetConnections = "disable"

	// Block connections to botnet servers.
	FirewallPolicyScanBotnetConnectionsBlock FirewallPolicyScanBotnetConnections = "block"

	// Log connections to botnet servers.
	FirewallPolicyScanBotnetConnectionsMonitor FirewallPolicyScanBotnetConnections = "monitor"
)

type FirewallPolicyScheduleTimeout 

type FirewallPolicyScheduleTimeout string

Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity. 

const (
	// Enable schedule timeout.
	FirewallPolicyScheduleTimeoutEnable FirewallPolicyScheduleTimeout = "enable"

	// Disable schedule timeout.
	FirewallPolicyScheduleTimeoutDisable FirewallPolicyScheduleTimeout = "disable"
)

type FirewallPolicySendDenyPacket 

type FirewallPolicySendDenyPacket string

Enable to send a reply when a session is denied or blocked by a firewall policy. 

const (
	// Disable deny-packet sending.
	FirewallPolicySendDenyPacketDisable FirewallPolicySendDenyPacket = "disable"

	// Enable deny-packet sending.
	FirewallPolicySendDenyPacketEnable FirewallPolicySendDenyPacket = "enable"
)

type FirewallPolicyService 

type FirewallPolicyService struct {

	// Service and service group names.
	Name string `json:"name,omitempty"`
}

Service and service group names.

type FirewallPolicyServiceNegate 

type FirewallPolicyServiceNegate string

When enabled service specifies what the service must NOT be. 

const (
	// Enable negated service match.
	FirewallPolicyServiceNegateEnable FirewallPolicyServiceNegate = "enable"

	// Disable negated service match.
	FirewallPolicyServiceNegateDisable FirewallPolicyServiceNegate = "disable"
)

type FirewallPolicySrcaddr 

type FirewallPolicySrcaddr struct {

	// Address name.
	Name string `json:"name,omitempty"`
}

Source address and address group names.

type FirewallPolicySrcaddrNegate 

type FirewallPolicySrcaddrNegate string

When enabled srcaddr specifies what the source address must NOT be. 

const (
	// Enable source address negate.
	FirewallPolicySrcaddrNegateEnable FirewallPolicySrcaddrNegate = "enable"

	// Disable source address negate.
	FirewallPolicySrcaddrNegateDisable FirewallPolicySrcaddrNegate = "disable"
)

type FirewallPolicySrcintf 

type FirewallPolicySrcintf struct {

	// Interface name.
	Name string `json:"name,omitempty"`
}

Incoming (ingress) interface.

type FirewallPolicySslMirror 

type FirewallPolicySslMirror string

Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). 

const (
	// Enable SSL mirror.
	FirewallPolicySslMirrorEnable FirewallPolicySslMirror = "enable"

	// Disable SSL mirror.
	FirewallPolicySslMirrorDisable FirewallPolicySslMirror = "disable"
)

type FirewallPolicySslMirrorIntf 

type FirewallPolicySslMirrorIntf struct {

	// Mirror Interface name.
	Name string `json:"name,omitempty"`
}

SSL mirror interface name.

type FirewallPolicyStatus 

type FirewallPolicyStatus string

Enable or disable this policy. 

const (
	// Enable setting.
	FirewallPolicyStatusEnable FirewallPolicyStatus = "enable"

	// Disable setting.
	FirewallPolicyStatusDisable FirewallPolicyStatus = "disable"
)

type FirewallPolicyTags 

type FirewallPolicyTags struct {

	// Tag name.
	Name string `json:"name,omitempty"`
}

Names of object-tags applied to this policy.

type FirewallPolicyTcpSessionWithoutSyn 

type FirewallPolicyTcpSessionWithoutSyn string

Enable/disable creation of TCP session without SYN flag. 

const (
	// Enable TCP session without SYN.
	FirewallPolicyTcpSessionWithoutSynAll FirewallPolicyTcpSessionWithoutSyn = "all"

	// Enable TCP session data only.
	FirewallPolicyTcpSessionWithoutSynDataOnly FirewallPolicyTcpSessionWithoutSyn = "data-only"

	// Disable TCP session without SYN.
	FirewallPolicyTcpSessionWithoutSynDisable FirewallPolicyTcpSessionWithoutSyn = "disable"
)

type FirewallPolicyTimeoutSendRst 

type FirewallPolicyTimeoutSendRst string

Enable/disable sending RST packets when TCP sessions expire. 

const (
	// Enable sending of RST packet upon TCP session expiration.
	FirewallPolicyTimeoutSendRstEnable FirewallPolicyTimeoutSendRst = "enable"

	// Disable sending of RST packet upon TCP session expiration.
	FirewallPolicyTimeoutSendRstDisable FirewallPolicyTimeoutSendRst = "disable"
)

type FirewallPolicyUrlCategory 

type FirewallPolicyUrlCategory struct {

	// URL category ID.
	Id int `json:"id,omitempty"`
}

URL category ID list.

type FirewallPolicyUsers 

type FirewallPolicyUsers struct {

	// Names of individual users that can authenticate with this policy.
	Name string `json:"name,omitempty"`
}

Names of individual users that can authenticate with this policy.

type FirewallPolicyUtmStatus 

type FirewallPolicyUtmStatus string

Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. 

const (
	// Enable setting.
	FirewallPolicyUtmStatusEnable FirewallPolicyUtmStatus = "enable"

	// Disable setting.
	FirewallPolicyUtmStatusDisable FirewallPolicyUtmStatus = "disable"
)

type FirewallPolicyWccp 

type FirewallPolicyWccp string

Enable/disable forwarding traffic matching this policy to a configured WCCP server. 

const (
	// Enable WCCP setting.
	FirewallPolicyWccpEnable FirewallPolicyWccp = "enable"

	// Disable WCCP setting.
	FirewallPolicyWccpDisable FirewallPolicyWccp = "disable"
)

type FirewallPolicyWsso 

type FirewallPolicyWsso string

Enable/disable WiFi Single Sign On (WSSO). 

const (
	// Enable setting.
	FirewallPolicyWssoEnable FirewallPolicyWsso = "enable"

	// Disable setting.
	FirewallPolicyWssoDisable FirewallPolicyWsso = "disable"
)

type Result 

type Result struct {
	HTTPMethod string `json:"http_method,omitempty"`
	Revision   string `json:"revision,omitempty"`
	Status     string `json:"status,omitempty"`
	HTTPStatus int    `json:"http_status,omitempty"`
	Vdom       string `json:"vdom,omitempty"`
	Path       string `json:"path,omitempty"`
	Name       string `json:"name,omitempty"`
	Serial     string `json:"serial,omitempty"`
	Version    string `json:"version,omitempty"`
	Build      int    `json:"build,omitempty"`
	Action     string `json:"action,omitempty"`
}

type Schema 

type Schema struct {
	Name     string                 `json:"name,omitempty"`
	Category string                 `json:"category,omitempty"`
	Mkey     string                 `json:"mkey,omitempty"`
	MkeyType string                 `json:"mkey_type,omitempty"`
	Help     string                 `json:"help,omitempty"`
	Children map[string]SchemaChild `json:"children,omitempty"`
}

type SchemaChild 

type SchemaChild struct {
	Name     string                 `json:"name,omitempty"`
	Category string                 `json:"category,omitempty"`
	Type     string                 `json:"type,omitempty"`
	Help     string                 `json:"help,omitempty"`
	Options  []SchemaOption         `json:"options,omitempty"`
	Children map[string]SchemaChild `json:"children,omitempty"`
}

type SchemaOption 

type SchemaOption struct {
	Name string `json:"name,omitempty"`
	Help string `json:"help,omitempty"`
}

type SchemaResponse 

type SchemaResponse struct {
	Endpoints []Endpoint `json:"results,omitempty"`
	Result
}

type VIP 

type VIP struct {

	// Enable to respond to ARP requests for this virtual IP address. Enabled by default.
	ArpReply VIPArpReply `json:"arp-reply,omitempty"`

	// Color of icon on the GUI.
	Color int `json:"color,omitempty"`

	// Comment.
	Comment string `json:"comment,omitempty"`

	// DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
	DnsMappingTtl int `json:"dns-mapping-ttl,omitempty"`

	// External FQDN address name.
	Extaddr []VIPExtaddr `json:"extaddr,omitempty"`

	// Interface connected to the source network that receives the packets that will be forwarded to the destination network.
	Extintf string `json:"extintf,omitempty"`

	// IP address or address range on the external interface that you want to map to an address or address range on the destination network.
	Extip string `json:"extip,omitempty"`

	// Incoming port number range that you want to map to a port number range on the destination network.
	Extport string `json:"extport,omitempty"`

	// Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
	GratuitousArpInterval int `json:"gratuitous-arp-interval,omitempty"`

	// Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
	HttpCookieAge int `json:"http-cookie-age,omitempty"`

	// Domain that HTTP cookie persistence should apply to.
	HttpCookieDomain string `json:"http-cookie-domain,omitempty"`

	// Enable/disable use of HTTP cookie domain from host field in HTTP.
	HttpCookieDomainFromHost VIPHttpCookieDomainFromHost `json:"http-cookie-domain-from-host,omitempty"`

	// Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
	HttpCookieGeneration int `json:"http-cookie-generation,omitempty"`

	// Limit HTTP cookie persistence to the specified path.
	HttpCookiePath string `json:"http-cookie-path,omitempty"`

	// Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing.
	HttpCookieShare VIPHttpCookieShare `json:"http-cookie-share,omitempty"`

	// For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header.
	HttpIpHeader VIPHttpIpHeader `json:"http-ip-header,omitempty"`

	// For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
	HttpIpHeaderName string `json:"http-ip-header-name,omitempty"`

	// Enable/disable HTTP multiplexing.
	HttpMultiplex VIPHttpMultiplex `json:"http-multiplex,omitempty"`

	// Custom defined ID.
	Id int `json:"id,omitempty"`

	// Method used to distribute sessions to real servers.
	LdbMethod VIPLdbMethod `json:"ldb-method,omitempty"`

	// Mapped FQDN address name.
	MappedAddr string `json:"mapped-addr,omitempty"`

	// IP address or address range on the destination network to which the external IP address is mapped.
	Mappedip []VIPMappedip `json:"mappedip,omitempty"`

	// Port number range on the destination network to which the external port number range is mapped.
	Mappedport string `json:"mappedport,omitempty"`

	// Maximum number of incomplete connections.
	MaxEmbryonicConnections int `json:"max-embryonic-connections,omitempty"`

	// Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
	Monitor []VIPMonitor `json:"monitor,omitempty"`

	// Virtual IP name.
	Name string `json:"name,omitempty"`

	// Enable to prevent unintended servers from using a virtual IP. Disable to use the actual IP address of the server as the source address.
	NatSourceVip VIPNatSourceVip `json:"nat-source-vip,omitempty"`

	// Enable to add the Front-End-Https header for Microsoft Outlook Web Access.
	OutlookWebAccess VIPOutlookWebAccess `json:"outlook-web-access,omitempty"`

	// Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session.
	Persistence VIPPersistence `json:"persistence,omitempty"`

	// Enable/disable port forwarding.
	Portforward VIPPortforward `json:"portforward,omitempty"`

	// Port mapping type.
	PortmappingType VIPPortmappingType `json:"portmapping-type,omitempty"`

	// Protocol to use when forwarding packets.
	Protocol VIPProtocol `json:"protocol,omitempty"`

	// Select the real servers that this server load balancing VIP will distribute traffic to.
	Realservers []VIPRealservers `json:"realservers,omitempty"`

	// Protocol to be load balanced by the virtual server (also called the server load balance virtual IP).
	ServerType VIPServerType `json:"server-type,omitempty"`

	// Service name.
	Service []VIPService `json:"service,omitempty"`

	// Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
	SrcFilter []VIPSrcFilter `json:"src-filter,omitempty"`

	// Interfaces to which the VIP applies. Separate the names with spaces.
	SrcintfFilter []VIPSrcintfFilter `json:"srcintf-filter,omitempty"`

	// Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
	Type VIPType `json:"type,omitempty"`

	// Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
	Uuid string `json:"uuid,omitempty"`

	// Enable to add an HTTP header to indicate SSL offloading for a WebLogic server.
	WeblogicServer VIPWeblogicServer `json:"weblogic-server,omitempty"`

	// Enable to add an HTTP header to indicate SSL offloading for a WebSphere server.
	WebsphereServer VIPWebsphereServer `json:"websphere-server,omitempty"`
}

Configure virtual IP for IPv4.

func (*VIP) MKey 

func (x *VIP) MKey() string

Returns the value that identifies a VIP

func (*VIP) MarshalJSON 

func (v *VIP) MarshalJSON() ([]byte, error)

func (*VIP) UnmarshalJSON 

func (v *VIP) UnmarshalJSON(data []byte) error

Special cases

type VIPArpReply 

type VIPArpReply string

Enable to respond to ARP requests for this virtual IP address. Enabled by default. 

const (
	// Disable ARP reply.
	VIPArpReplyDisable VIPArpReply = "disable"

	// Enable ARP reply.
	VIPArpReplyEnable VIPArpReply = "enable"
)

type VIPExtaddr 

type VIPExtaddr struct {

	// Address name.
	Name string `json:"name,omitempty"`
}

External FQDN address name.

type VIPHttpCookieDomainFromHost 

type VIPHttpCookieDomainFromHost string

Enable/disable use of HTTP cookie domain from host field in HTTP. 

const (
	// Disable use of HTTP cookie domain from host field in HTTP (use http-cooke-domain setting).
	VIPHttpCookieDomainFromHostDisable VIPHttpCookieDomainFromHost = "disable"

	// Enable use of HTTP cookie domain from host field in HTTP.
	VIPHttpCookieDomainFromHostEnable VIPHttpCookieDomainFromHost = "enable"
)

type VIPHttpCookieShare 

type VIPHttpCookieShare string

Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. 

const (
	// Only allow HTTP cookie to match this virtual server.
	VIPHttpCookieShareDisable VIPHttpCookieShare = "disable"

	// Allow HTTP cookie to match any virtual server with same IP.
	VIPHttpCookieShareSameIp VIPHttpCookieShare = "same-ip"
)

type VIPHttpIpHeader 

type VIPHttpIpHeader string

For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. 

const (
	// Enable adding HTTP header.
	VIPHttpIpHeaderEnable VIPHttpIpHeader = "enable"

	// Disable adding HTTP header.
	VIPHttpIpHeaderDisable VIPHttpIpHeader = "disable"
)

type VIPHttpMultiplex 

type VIPHttpMultiplex string

Enable/disable HTTP multiplexing. 

const (
	// Enable HTTP session multiplexing.
	VIPHttpMultiplexEnable VIPHttpMultiplex = "enable"

	// Disable HTTP session multiplexing.
	VIPHttpMultiplexDisable VIPHttpMultiplex = "disable"
)

type VIPLdbMethod 

type VIPLdbMethod string

Method used to distribute sessions to real servers. 

const (
	// Distribute to server based on source IP.
	VIPLdbMethodStatic VIPLdbMethod = "static"

	// Distribute to server based round robin order.
	VIPLdbMethodRoundRobin VIPLdbMethod = "round-robin"

	// Distribute to server based on weight.
	VIPLdbMethodWeighted VIPLdbMethod = "weighted"

	// Distribute to server with lowest session count.
	VIPLdbMethodLeastSession VIPLdbMethod = "least-session"

	// Distribute to server with lowest Round-Trip-Time.
	VIPLdbMethodLeastRtt VIPLdbMethod = "least-rtt"

	// Distribute to the first server that is alive.
	VIPLdbMethodFirstAlive VIPLdbMethod = "first-alive"

	// Distribute to server based on host field in HTTP header.
	VIPLdbMethodHttpHost VIPLdbMethod = "http-host"
)

type VIPMappedip 

type VIPMappedip struct {

	// Mapped IP range.
	Range string `json:"range,omitempty"`
}

IP address or address range on the destination network to which the external IP address is mapped.

type VIPMonitor 

type VIPMonitor struct {

	// Health monitor name.
	Name string `json:"name,omitempty"`
}

Name of the health check monitor to use when polling to determine a virtual server's connectivity status.

type VIPNatSourceVip 

type VIPNatSourceVip string

Enable to prevent unintended servers from using a virtual IP. Disable to use the actual IP address of the server as the source address. 

const (
	// Do not force to NAT as VIP.
	VIPNatSourceVipDisable VIPNatSourceVip = "disable"

	// Force to NAT as VIP.
	VIPNatSourceVipEnable VIPNatSourceVip = "enable"
)

type VIPOutlookWebAccess 

type VIPOutlookWebAccess string

Enable to add the Front-End-Https header for Microsoft Outlook Web Access. 

const (
	// Disable Outlook Web Access support.
	VIPOutlookWebAccessDisable VIPOutlookWebAccess = "disable"

	// Enable Outlook Web Access support.
	VIPOutlookWebAccessEnable VIPOutlookWebAccess = "enable"
)

type VIPPersistence 

type VIPPersistence string

Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. 

const (
	// None.
	VIPPersistenceNone VIPPersistence = "none"

	// HTTP cookie.
	VIPPersistenceHttpCookie VIPPersistence = "http-cookie"
)

type VIPPortforward 

type VIPPortforward string

Enable/disable port forwarding. 

const (
	// Disable port forward.
	VIPPortforwardDisable VIPPortforward = "disable"

	// Enable port forward.
	VIPPortforwardEnable VIPPortforward = "enable"
)

type VIPPortmappingType 

type VIPPortmappingType string

Port mapping type. 

const (
	// One to one.
	VIPPortmappingType1To1 VIPPortmappingType = "1-to-1"

	// Many to many.
	VIPPortmappingTypeMToN VIPPortmappingType = "m-to-n"
)

type VIPProtocol 

type VIPProtocol string

Protocol to use when forwarding packets. 

const (
	// TCP.
	VIPProtocolTcp VIPProtocol = "tcp"

	// UDP.
	VIPProtocolUdp VIPProtocol = "udp"

	// SCTP.
	VIPProtocolSctp VIPProtocol = "sctp"

	// ICMP.
	VIPProtocolIcmp VIPProtocol = "icmp"
)

type VIPRealservers 

type VIPRealservers struct {

	// Only clients in this IP range can connect to this real server.
	ClientIp string `json:"client-ip,omitempty"`

	// Enable to check the responsiveness of the real server before forwarding traffic.
	Healthcheck string `json:"healthcheck,omitempty"`

	// Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
	HolddownInterval int `json:"holddown-interval,omitempty"`

	// HTTP server domain name in HTTP header.
	HttpHost string `json:"http-host,omitempty"`

	// Real server ID.
	Id int `json:"id,omitempty"`

	// IP address of the real server.
	Ip string `json:"ip,omitempty"`

	// Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
	MaxConnections int `json:"max-connections,omitempty"`

	// Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
	Monitor string `json:"monitor,omitempty"`

	// Port for communicating with the real server. Required if port forwarding is enabled.
	Port int `json:"port,omitempty"`

	// Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent.
	Status string `json:"status,omitempty"`

	// Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
	Weight int `json:"weight,omitempty"`
}

Select the real servers that this server load balancing VIP will distribute traffic to.

type VIPResults 

type VIPResults struct {
	Results []*VIP `json:"results"`
	Mkey    string `json:"mkey"`
	Result
}

The results of a Get or List operation

type VIPServerType 

type VIPServerType string

Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). 

const (
	// HTTP
	VIPServerTypeHttp VIPServerType = "http"

	// TCP
	VIPServerTypeTcp VIPServerType = "tcp"

	// UDP
	VIPServerTypeUdp VIPServerType = "udp"

	// IP
	VIPServerTypeIp VIPServerType = "ip"
)

type VIPService 

type VIPService struct {

	// Service name.
	Name string `json:"name,omitempty"`
}

Service name.

type VIPSrcFilter 

type VIPSrcFilter struct {

	// Source-filter range.
	Range string `json:"range,omitempty"`
}

Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.

type VIPSrcintfFilter 

type VIPSrcintfFilter struct {

	// Interface name.
	InterfaceName string `json:"interface-name,omitempty"`
}

Interfaces to which the VIP applies. Separate the names with spaces.

type VIPType 

type VIPType string

Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. 

const (
	// Static NAT.
	VIPTypeStaticNat VIPType = "static-nat"

	// Load balance.
	VIPTypeLoadBalance VIPType = "load-balance"

	// Server load balance.
	VIPTypeServerLoadBalance VIPType = "server-load-balance"

	// DNS translation.
	VIPTypeDnsTranslation VIPType = "dns-translation"

	// Fully qualified domain name.
	VIPTypeFqdn VIPType = "fqdn"
)

type VIPWeblogicServer 

type VIPWeblogicServer string

Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. 

const (
	// Do not add HTTP header indicating SSL offload for WebLogic server.
	VIPWeblogicServerDisable VIPWeblogicServer = "disable"

	// Add HTTP header indicating SSL offload for WebLogic server.
	VIPWeblogicServerEnable VIPWeblogicServer = "enable"
)

type VIPWebsphereServer 

type VIPWebsphereServer string

Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. 

const (
	// Do not add HTTP header indicating SSL offload for WebSphere server.
	VIPWebsphereServerDisable VIPWebsphereServer = "disable"

	// Add HTTP header indicating SSL offload for WebSphere server.
	VIPWebsphereServerEnable VIPWebsphereServer = "enable"
)

type WebClient 

type WebClient struct {
	URL      string
	User     string
	Password string
	ApiKey   string
	Log      bool
	// contains filtered or unexported fields
}

func NewWebClient 

func NewWebClient(clientConfig WebClient) (c *WebClient, err error)

func (*WebClient) CreateFirewallPolicy 

func (c *WebClient) CreateFirewallPolicy(obj *FirewallPolicy) (id int, err error)

Create a new FirewallPolicy

func (*WebClient) CreateVIP 

func (c *WebClient) CreateVIP(obj *VIP) (id string, err error)

Create a new VIP

func (*WebClient) DeleteFirewallPolicy 

func (c *WebClient) DeleteFirewallPolicy(mkey int) error

Delete a FirewallPolicy by name

func (*WebClient) DeleteVIP 

func (c *WebClient) DeleteVIP(mkey string) error

Delete a VIP by name

func (*WebClient) GetFirewallPolicy 

func (c *WebClient) GetFirewallPolicy(mkey int) (res *FirewallPolicy, err error)

Get a FirewallPolicy by ID

func (*WebClient) GetFirewallPolicyByName 

func (c *WebClient) GetFirewallPolicyByName(name string) (res *FirewallPolicy, err error)

Get a FirewallPolicy by ID

func (*WebClient) GetVIP 

func (c *WebClient) GetVIP(mkey string) (res *VIP, err error)

Get a VIP by name

func (*WebClient) ListFirewallPolicys 

func (c *WebClient) ListFirewallPolicys() (res []*FirewallPolicy, err error)

List all FirewallPolicys

func (*WebClient) ListVIPs 

func (c *WebClient) ListVIPs() (res []*VIP, err error)

List all VIPs

func (*WebClient) Schema 

func (c *WebClient) Schema() ([]Endpoint, error)

func (*WebClient) UpdateFirewallPolicy 

func (c *WebClient) UpdateFirewallPolicy(obj *FirewallPolicy) error

Update a FirewallPolicy

func (*WebClient) UpdateVIP 

func (c *WebClient) UpdateVIP(obj *VIP) error

Update a VIP

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.