addSToSConnectionProfile
The addSToSConnectionProfile operation handles configuration related to the SToSConnectionProfile model (a site-to-site VPN connection profile).
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
Parameter | Required | Type | Description
---|---|---|---
name | True | string | A string containing the name of the VPN profile. The string can be up to 50 characters, but can only consist of alphanumeric characters and the following special characters: _.+-
outsideInterfaces | True | [object] | A mandatory list of a single PhysicalInterface or SubInterface object that can be used for establishing the VPN connection. The list must contain only one object. Field level constraints: cannot be null. (Note: Additional constraints might exist) Allowed types are: [SubInterface, PhysicalInterface]
localNetworks | False | [object] | A list of NetworkObject or NetworkObjectGroup objects describing the source of the traffic that is to be routed through the VPN tunnel. If no source networks are provided, then traffic from any source may be forwarded through the tunnel. Allowed types are: [NetworkObject, NetworkObjectGroup]
isRemotePeerIpDynamic | False | boolean | A Boolean value that determines whether the remote peer IP is static or dynamic. FALSE is the default.
ikev1AuthMethod | True | string | Determines whether the IKEv1 authentication is done using a pre-shared key or a certificate. EnumType with values PRE_SHARED_KEY or CERTIFICATE. PRE_SHARED_KEY is the default. Field level constraints: cannot be null. (Note: Additional constraints might exist)
ikev2AuthMethod | True | string | Determines whether the IKEv2 authentication is done using a pre-shared key or a certificate. EnumType with values PRE_SHARED_KEY or CERTIFICATE. PRE_SHARED_KEY is the default. Field level constraints: cannot be null. (Note: Additional constraints might exist)
ikev1IDCertificate | False | object | Reference to an identity certificate of type internalcertificate. Allowed types are: [InternalCertificate]
ikev2IDCertificate | False | object | Reference to an identity certificate of type internalcertificate. Allowed types are: [InternalCertificate]
remotePeerIpAddress | False | string | A mandatory string that contains the IP address of the site-to-site VPN peer to connect to. Field level constraints: must be a valid IP address. (Note: Additional constraints might exist)
remoteNetworks | False | [object] | A list of NetworkObject or NetworkObjectGroup objects describing the destination of the traffic that is to be routed through the VPN tunnel. If no remote networks are provided, then traffic going to any destination may be forwarded through the tunnel. Allowed types are: [NetworkObject, NetworkObjectGroup]
ikev1Enabled | True | boolean | A mandatory Boolean value, TRUE (default) or FALSE. The TRUE value indicates that IKEv1 will be used by the VPN tunnel in connection attempts and negotiations. Note that if both IKEv1 and IKEv2 are enabled, IKEv2 will be used first. Field level constraints: cannot be null. (Note: Additional constraints might exist)
ikev2Enabled | True | boolean | A mandatory Boolean value, TRUE (default) or FALSE. The TRUE value indicates that IKEv2 will be used by the VPN tunnel in connection attempts and negotiations. Note that if both IKEv1 and IKEv2 are enabled, IKEv2 will be used first. Field level constraints: cannot be null. (Note: Additional constraints might exist)
ikev1PreSharedKey | False | string | A string containing the pre-shared key for IKEv1 connections. This is mandatory if IKEv1 is enabled. The key is encrypted when stored in the system, and the system will return a generic string instead of the key string for security reasons.
diffieHellmanGroup | False | string | An enum value that defines the Diffie-Hellman group to use for Perfect Forward Secrecy. If left empty, Perfect Forward Secrecy is disabled. Possible values are: GROUP1 - 768-bit modulus. GROUP2 - 1024-bit modulus. GROUP5 - 1536-bit modulus. GROUP14 - 2048-bit modulus. GROUP19 - 256-bit elliptic curve. GROUP20 - 384-bit elliptic curve. GROUP21 - 521-bit elliptic curve. GROUP24 - 2048-bit modulus and 256-bit prime order subgroup.
ikev2LocalPreSharedKey | False | string | A string containing the local pre-shared key for IKEv2 connections. This is mandatory if IKEv2 is enabled. The key is encrypted when stored in the system, and the system will return a generic string instead of the key string for security reasons.
ikev2RemotePeerPreSharedKey | False | string | A string containing the remote pre-shared key for IKEv2 connections. This is mandatory if IKEv2 is enabled. The key is encrypted when stored in the system, and the system will return a generic string instead of the key string for security reasons.
ikev1Proposals | False | [object] | A list of IkevOneProposal objects to be used in IKEv1 connections. The list cannot be empty if IKEv1 is enabled. Allowed types are: [IkevOneProposal]
ikev2Proposals | False | [object] | A list of IkevTwoProposal objects to be used in IKEv2 connections. The list cannot be empty if IKEv2 is enabled. Allowed types are: [IkevTwoProposal]
interfaceForNatExempt | False | object | A PhysicalInterface or SubInterface object that needs a NAT exempt rule generated for access through the VPN. If left empty, no NAT exempt rules will be automatically generated. Allowed types are: [SubInterface, PhysicalInterface]
type | True | string | A UTF-8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.
Example
```yaml
- name: Execute 'addSToSConnectionProfile' operation
  ftd_configuration:
    operation: "addSToSConnectionProfile"
    data:
      name: "{{ name }}"
      outsideInterfaces: "{{ outside_interfaces }}"
      localNetworks: "{{ local_networks }}"
      isRemotePeerIpDynamic: "{{ is_remote_peer_ip_dynamic }}"
      ikev1AuthMethod: "{{ ikev1_auth_method }}"
      ikev2AuthMethod: "{{ ikev2_auth_method }}"
      ikev1IDCertificate: "{{ ikev1_id_certificate }}"
      ikev2IDCertificate: "{{ ikev2_id_certificate }}"
      remotePeerIpAddress: "{{ remote_peer_ip_address }}"
      remoteNetworks: "{{ remote_networks }}"
      ikev1Enabled: "{{ ikev1_enabled }}"
      ikev2Enabled: "{{ ikev2_enabled }}"
      ikev1PreSharedKey: "{{ ikev1_pre_shared_key }}"
      diffieHellmanGroup: "{{ diffie_hellman_group }}"
      ikev2LocalPreSharedKey: "{{ ikev2_local_pre_shared_key }}"
      ikev2RemotePeerPreSharedKey: "{{ ikev2_remote_peer_pre_shared_key }}"
      ikev1Proposals: "{{ ikev1_proposals }}"
      ikev2Proposals: "{{ ikev2_proposals }}"
      interfaceForNatExempt: "{{ interface_for_nat_exempt }}"
      type: "{{ type }}"
```
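As an added example (not part of the module documentation or of the ftd_configuration module itself), a pre-flight check in Python that applies the constraints from the parameter table to a `data` payload before the task sends it, and raises two review findings the API itself will not: PFS disabled and a weak Diffie-Hellman group. Two points are this example's own assumptions rather than statements of the page: that the pre-shared-key and certificate fields are only required for the matching auth method, and that GROUP1, GROUP2 and GROUP5 count as weak.

```python
import ipaddress
import re

# Constraints are the ones in the Data Parameters table; the weak-group list
# is this example's own policy (MODP of 1536 bits or less), not an API rule.
NAME_RE = re.compile(r"^[A-Za-z0-9_.+-]{1,50}$")
AUTH_METHODS = {"PRE_SHARED_KEY", "CERTIFICATE"}
WEAK_DH_GROUPS = {"GROUP1", "GROUP2", "GROUP5"}
ALL_DH_GROUPS = WEAK_DH_GROUPS | {"GROUP14", "GROUP19", "GROUP20", "GROUP21", "GROUP24"}


def check_profile(data):
    """Return [(level, msg)]: 'error' = API rejects it or the tunnel cannot negotiate, 'warn' = review."""
    problems = []
    err = lambda msg: problems.append(("error", msg))
    warn = lambda msg: problems.append(("warn", msg))
    if not NAME_RE.match(data.get("name", "")):
        err("name must be 1-50 chars of alphanumerics or _.+-")
    if len(data.get("outsideInterfaces") or []) != 1:
        err("outsideInterfaces must contain exactly one interface object")
    if not data.get("isRemotePeerIpDynamic", False):  # static peer needs a real address
        try:
            ipaddress.ip_address(data.get("remotePeerIpAddress") or "")
        except ValueError:
            err("remotePeerIpAddress must be a valid IP for a static peer")
    for v in ("1", "2"):  # both IKE versions default to enabled per the table
        if not data.get(f"ikev{v}Enabled", True):
            continue
        method = data.get(f"ikev{v}AuthMethod")
        if method not in AUTH_METHODS:
            err(f"ikev{v}AuthMethod must be PRE_SHARED_KEY or CERTIFICATE")
        elif method == "PRE_SHARED_KEY":  # assumption: PSK fields apply to PSK auth only
            keys = ("ikev1PreSharedKey",) if v == "1" else (
                "ikev2LocalPreSharedKey", "ikev2RemotePeerPreSharedKey")
            for k in keys:
                if not data.get(k):
                    err(f"{k} is mandatory when IKEv{v} is enabled")
        elif not data.get(f"ikev{v}IDCertificate"):
            err(f"ikev{v}IDCertificate is needed for CERTIFICATE auth")
        if not data.get(f"ikev{v}Proposals"):
            err(f"ikev{v}Proposals cannot be empty when IKEv{v} is enabled")
    dh = data.get("diffieHellmanGroup")
    if not dh:
        warn("diffieHellmanGroup empty: Perfect Forward Secrecy is disabled")
    elif dh not in ALL_DH_GROUPS:
        err(f"unknown diffieHellmanGroup {dh!r}")
    elif dh in WEAK_DH_GROUPS:
        warn(f"{dh} is a weak MODP group; prefer GROUP14 or an EC group")
    return problems
```

Run it over the rendered `data` mapping (for example from a `set_fact` task) and fail the play on any `error` entry; `warn` entries are worth surfacing in a change review even though the API accepts them.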