IKE Gateway - Terraform documentation

[kklimonda-cl]

panos_ike_gateway (Resource)

Schema

Required

• location (Attributes) The location of this object. (see below for nested schema)
• name (String)

Optional

• authentication (Attributes) (see below for nested schema)
• comment (String)
• disabled (Boolean) Disable the IKE gateway
• ipv6 (Boolean) use IPv6 for the IKE gateway
• local_address (Attributes) (see below for nested schema)
• local_id (Attributes) (see below for nested schema)
• peer_address (Attributes) (see below for nested schema)
• peer_id (Attributes) (see below for nested schema)
• protocol (Attributes) (see below for nested schema)
• protocol_common (Attributes) (see below for nested schema)

Nested Schema for location

Optional:

• ngfw (Attributes) Located in a specific NGFW device (see below for nested schema)
• template (Attributes) Located in a specific template (see below for nested schema)
• template_stack (Attributes) Located in a specific template stack (see below for nested schema)

Nested Schema for location.ngfw

Optional:

• ngfw_device (String) The NGFW device

Nested Schema for location.template

Optional:

• name (String) Specific Panorama template
• ngfw_device (String) The NGFW device
• panorama_device (String) Specific Panorama device

Nested Schema for location.template_stack

Optional:

• name (String) Specific Panorama template stack
• ngfw_device (String) The NGFW device
• panorama_device (String) Specific Panorama device

Nested Schema for authentication

Optional:

• certificate (Attributes) (see below for nested schema)
• pre_shared_key (Attributes) (see below for nested schema)

Nested Schema for authentication.certificate

Optional:

• allow_id_payload_mismatch (Boolean) Permit peer identification and certificate payload identification mismatch
• certificate_profile (String) Profile for certificate valdiation during IKE negotiation
• local_certificate (Attributes) (see below for nested schema)
• strict_validation_revocation (Boolean) Enable strict validation of peer's extended key use
• use_management_as_source (Boolean) Use management interface IP as source to retrieve http certificates

Nested Schema for authentication.certificate.local_certificate

Optional:

• hash_and_url (Attributes) (see below for nested schema)
• name (String) Local certificate name

Nested Schema for authentication.certificate.local_certificate.hash_and_url

Optional:

• base_url (String) The host and directory part of URL for local certificates(http only)
• enable (Boolean) Use hash-and-url for local certificate

Nested Schema for authentication.pre_shared_key

Optional:

• key (String) the string used as pre-shared key

Nested Schema for local_address

Optional:

• floating_ip (String) Floating IP address in HA Active-Active configuration
• interface (String) local gateway end-point
• ip (String) specify exact IP address if interface has multiple addresses

Nested Schema for local_id

Optional:

• id (String) Local ID string
• type (String)

Nested Schema for peer_address

Optional:

• dynamic (Attributes) (see below for nested schema)
• fqdn (String) peer gateway FQDN name
• ip (String) peer gateway has static IP address

Nested Schema for peer_address.dynamic

Nested Schema for peer_id

Optional:

• id (String) Peer ID string
• matching (String) Enable peer ID wildcard match for certificate authentication
• type (String)

Nested Schema for protocol

Optional:

• ikev1 (Attributes) (see below for nested schema)
• ikev2 (Attributes) (see below for nested schema)
• version (String) IKE protocol version

Nested Schema for protocol.ikev1

Optional:

• dpd (Attributes) (see below for nested schema)
• exchange_mode (String) Exchange mode
• ike_crypto_profile (String) IKE SA crypto profile name

Nested Schema for protocol.ikev1.dpd

Optional:

• enable (Boolean) Enable Dead-Peer-Detection
• interval (Number) sending interval for probing packets (in seconds)
• retry (Number) number of retries before disconnection

Nested Schema for protocol.ikev2

Optional:

• dpd (Attributes) (see below for nested schema)
• ike_crypto_profile (String) IKE SA crypto profile name
• require_cookie (Boolean) Require cookie

Nested Schema for protocol.ikev2.dpd

Optional:

• enable (Boolean) Enable sending empty information liveness check message
• interval (Number) delay interval before sending probing packets (in seconds)

Nested Schema for protocol_common

Optional:

• fragmentation (Attributes) (see below for nested schema)
• nat_traversal (Attributes) (see below for nested schema)
• passive_mode (Boolean) Enable passive mode (responder only)

Nested Schema for protocol_common.fragmentation

Optional:

• enable (Boolean) Enable IKE fragmentation

Nested Schema for protocol_common.nat_traversal

Optional:

• enable (Boolean) Enable NAT-Traversal
• keep_alive_interval (Number) sending interval for NAT keep-alive packets (in seconds)
• udp_checksum_enable (Boolean) Enable UDP checksum