1. Packages
  2. Fortimanager Provider
  3. API Docs
  4. ObjectFirewallSslsshprofile
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortimanager.ObjectFirewallSslsshprofile

Explore with Pulumi AI

Configure SSL/SSH protocol options.

The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.

  • dot: fortimanager.ObjectFirewallSslsshprofileDot
  • ech_outer_sni: fortimanager.ObjectFirewallSslsshprofileEchoutersni
  • ftps: fortimanager.ObjectFirewallSslsshprofileFtps
  • https: fortimanager.ObjectFirewallSslsshprofileHttps
  • imaps: fortimanager.ObjectFirewallSslsshprofileImaps
  • pop3s: fortimanager.ObjectFirewallSslsshprofilePop3s
  • smtps: fortimanager.ObjectFirewallSslsshprofileSmtps
  • ssh: fortimanager.ObjectFirewallSslsshprofileSsh
  • ssl: fortimanager.ObjectFirewallSslsshprofileSsl
  • ssl_exempt: fortimanager.ObjectFirewallSslsshprofileSslexempt
  • ssl_server: fortimanager.ObjectFirewallSslsshprofileSslserver

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";

const trname = new fortimanager.ObjectFirewallSslsshprofile("trname", {
    comment: "terraform-comment1",
    mapiOverHttps: "disable",
    useSslServer: "disable",
    whitelist: "enable",
});
Copy
import pulumi
import pulumi_fortimanager as fortimanager

trname = fortimanager.ObjectFirewallSslsshprofile("trname",
    comment="terraform-comment1",
    mapi_over_https="disable",
    use_ssl_server="disable",
    whitelist="enable")
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := fortimanager.NewObjectFirewallSslsshprofile(ctx, "trname", &fortimanager.ObjectFirewallSslsshprofileArgs{
			Comment:       pulumi.String("terraform-comment1"),
			MapiOverHttps: pulumi.String("disable"),
			UseSslServer:  pulumi.String("disable"),
			Whitelist:     pulumi.String("enable"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;

return await Deployment.RunAsync(() => 
{
    var trname = new Fortimanager.ObjectFirewallSslsshprofile("trname", new()
    {
        Comment = "terraform-comment1",
        MapiOverHttps = "disable",
        UseSslServer = "disable",
        Whitelist = "enable",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectFirewallSslsshprofile;
import com.pulumi.fortimanager.ObjectFirewallSslsshprofileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trname = new ObjectFirewallSslsshprofile("trname", ObjectFirewallSslsshprofileArgs.builder()
            .comment("terraform-comment1")
            .mapiOverHttps("disable")
            .useSslServer("disable")
            .whitelist("enable")
            .build());

    }
}
Copy
resources:
  trname:
    type: fortimanager:ObjectFirewallSslsshprofile
    properties:
      comment: terraform-comment1
      mapiOverHttps: disable
      useSslServer: disable
      whitelist: enable
Copy

Create ObjectFirewallSslsshprofile Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ObjectFirewallSslsshprofile(name: string, args?: ObjectFirewallSslsshprofileArgs, opts?: CustomResourceOptions);
@overload
def ObjectFirewallSslsshprofile(resource_name: str,
                                args: Optional[ObjectFirewallSslsshprofileArgs] = None,
                                opts: Optional[ResourceOptions] = None)

@overload
def ObjectFirewallSslsshprofile(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                adom: Optional[str] = None,
                                allowlist: Optional[str] = None,
                                block_blacklisted_certificates: Optional[str] = None,
                                block_blocklisted_certificates: Optional[str] = None,
                                caname: Optional[str] = None,
                                comment: Optional[str] = None,
                                dot: Optional[ObjectFirewallSslsshprofileDotArgs] = None,
                                dynamic_sort_subtable: Optional[str] = None,
                                ech_outer_snis: Optional[Sequence[ObjectFirewallSslsshprofileEchOuterSniArgs]] = None,
                                ftps: Optional[ObjectFirewallSslsshprofileFtpsArgs] = None,
                                https: Optional[ObjectFirewallSslsshprofileHttpsArgs] = None,
                                imaps: Optional[ObjectFirewallSslsshprofileImapsArgs] = None,
                                mapi_over_https: Optional[str] = None,
                                name: Optional[str] = None,
                                object_firewall_sslsshprofile_id: Optional[str] = None,
                                pop3s: Optional[ObjectFirewallSslsshprofilePop3sArgs] = None,
                                rpc_over_https: Optional[str] = None,
                                scopetype: Optional[str] = None,
                                server_cert: Optional[str] = None,
                                server_cert_mode: Optional[str] = None,
                                smtps: Optional[ObjectFirewallSslsshprofileSmtpsArgs] = None,
                                ssh: Optional[ObjectFirewallSslsshprofileSshArgs] = None,
                                ssl: Optional[ObjectFirewallSslsshprofileSslArgs] = None,
                                ssl_anomalies_log: Optional[str] = None,
                                ssl_anomaly_log: Optional[str] = None,
                                ssl_exemption_ip_rating: Optional[str] = None,
                                ssl_exemption_log: Optional[str] = None,
                                ssl_exemptions_log: Optional[str] = None,
                                ssl_exempts: Optional[Sequence[ObjectFirewallSslsshprofileSslExemptArgs]] = None,
                                ssl_handshake_log: Optional[str] = None,
                                ssl_negotiation_log: Optional[str] = None,
                                ssl_server_cert_log: Optional[str] = None,
                                ssl_servers: Optional[Sequence[ObjectFirewallSslsshprofileSslServerArgs]] = None,
                                supported_alpn: Optional[str] = None,
                                untrusted_caname: Optional[str] = None,
                                use_ssl_server: Optional[str] = None,
                                whitelist: Optional[str] = None)
func NewObjectFirewallSslsshprofile(ctx *Context, name string, args *ObjectFirewallSslsshprofileArgs, opts ...ResourceOption) (*ObjectFirewallSslsshprofile, error)
public ObjectFirewallSslsshprofile(string name, ObjectFirewallSslsshprofileArgs? args = null, CustomResourceOptions? opts = null)
public ObjectFirewallSslsshprofile(String name, ObjectFirewallSslsshprofileArgs args)
public ObjectFirewallSslsshprofile(String name, ObjectFirewallSslsshprofileArgs args, CustomResourceOptions options)
type: fortimanager:ObjectFirewallSslsshprofile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args ObjectFirewallSslsshprofileArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args ObjectFirewallSslsshprofileArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args ObjectFirewallSslsshprofileArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args ObjectFirewallSslsshprofileArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. ObjectFirewallSslsshprofileArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var objectFirewallSslsshprofileResource = new Fortimanager.ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource", new()
{
    Adom = "string",
    Allowlist = "string",
    BlockBlacklistedCertificates = "string",
    BlockBlocklistedCertificates = "string",
    Caname = "string",
    Comment = "string",
    Dot = new Fortimanager.Inputs.ObjectFirewallSslsshprofileDotArgs
    {
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertificate = "string",
        ExpiredServerCert = "string",
        MinAllowedSslVersion = "string",
        ProxyAfterTcpHandshake = "string",
        Quic = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedServerCert = "string",
    },
    DynamicSortSubtable = "string",
    EchOuterSnis = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallSslsshprofileEchOuterSniArgs
        {
            Name = "string",
            Sni = "string",
        },
    },
    Ftps = new Fortimanager.Inputs.ObjectFirewallSslsshprofileFtpsArgs
    {
        AllowInvalidServerCert = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        ExpiredServerCert = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        Ports = new[]
        {
            0,
        },
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    Https = new Fortimanager.Inputs.ObjectFirewallSslsshprofileHttpsArgs
    {
        AllowInvalidServerCert = "string",
        CertProbeFailure = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        EncryptedClientHello = "string",
        ExpiredServerCert = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        Ports = new[]
        {
            0,
        },
        ProxyAfterTcpHandshake = "string",
        Quic = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    Imaps = new Fortimanager.Inputs.ObjectFirewallSslsshprofileImapsArgs
    {
        AllowInvalidServerCert = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        ExpiredServerCert = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        Ports = new[]
        {
            0,
        },
        ProxyAfterTcpHandshake = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    MapiOverHttps = "string",
    Name = "string",
    ObjectFirewallSslsshprofileId = "string",
    Pop3s = new Fortimanager.Inputs.ObjectFirewallSslsshprofilePop3sArgs
    {
        AllowInvalidServerCert = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        ExpiredServerCert = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        Ports = new[]
        {
            0,
        },
        ProxyAfterTcpHandshake = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    RpcOverHttps = "string",
    Scopetype = "string",
    ServerCert = "string",
    ServerCertMode = "string",
    Smtps = new Fortimanager.Inputs.ObjectFirewallSslsshprofileSmtpsArgs
    {
        AllowInvalidServerCert = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        ExpiredServerCert = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        Ports = new[]
        {
            0,
        },
        ProxyAfterTcpHandshake = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    Ssh = new Fortimanager.Inputs.ObjectFirewallSslsshprofileSshArgs
    {
        InspectAll = "string",
        Ports = new[]
        {
            0,
        },
        ProxyAfterTcpHandshake = "string",
        SshAlgorithm = "string",
        SshPolicyCheck = "string",
        SshTunPolicyCheck = "string",
        Status = "string",
        UnsupportedVersion = "string",
    },
    Ssl = new Fortimanager.Inputs.ObjectFirewallSslsshprofileSslArgs
    {
        AllowInvalidServerCert = "string",
        CertProbeFailure = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        EncryptedClientHello = "string",
        ExpiredServerCert = "string",
        InspectAll = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    SslAnomaliesLog = "string",
    SslAnomalyLog = "string",
    SslExemptionIpRating = "string",
    SslExemptionLog = "string",
    SslExemptionsLog = "string",
    SslExempts = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallSslsshprofileSslExemptArgs
        {
            Address = "string",
            Address6 = "string",
            FortiguardCategories = new[]
            {
                "string",
            },
            Id = 0,
            Regex = "string",
            Type = "string",
            WildcardFqdns = new[]
            {
                "string",
            },
        },
    },
    SslHandshakeLog = "string",
    SslNegotiationLog = "string",
    SslServerCertLog = "string",
    SslServers = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallSslsshprofileSslServerArgs
        {
            FtpsClientCertRequest = "string",
            FtpsClientCertificate = "string",
            HttpsClientCertRequest = "string",
            HttpsClientCertificate = "string",
            Id = 0,
            ImapsClientCertRequest = "string",
            ImapsClientCertificate = "string",
            Ip = "string",
            Pop3sClientCertRequest = "string",
            Pop3sClientCertificate = "string",
            SmtpsClientCertRequest = "string",
            SmtpsClientCertificate = "string",
            SslOtherClientCertRequest = "string",
            SslOtherClientCertificate = "string",
        },
    },
    SupportedAlpn = "string",
    UntrustedCaname = "string",
    UseSslServer = "string",
    Whitelist = "string",
});
Copy
example, err := fortimanager.NewObjectFirewallSslsshprofile(ctx, "objectFirewallSslsshprofileResource", &fortimanager.ObjectFirewallSslsshprofileArgs{
Adom: pulumi.String("string"),
Allowlist: pulumi.String("string"),
BlockBlacklistedCertificates: pulumi.String("string"),
BlockBlocklistedCertificates: pulumi.String("string"),
Caname: pulumi.String("string"),
Comment: pulumi.String("string"),
Dot: &.ObjectFirewallSslsshprofileDotTypeArgs{
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
ProxyAfterTcpHandshake: pulumi.String("string"),
Quic: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
DynamicSortSubtable: pulumi.String("string"),
EchOuterSnis: .ObjectFirewallSslsshprofileEchOuterSniTypeArray{
&.ObjectFirewallSslsshprofileEchOuterSniTypeArgs{
Name: pulumi.String("string"),
Sni: pulumi.String("string"),
},
},
Ftps: &.ObjectFirewallSslsshprofileFtpsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Https: &.ObjectFirewallSslsshprofileHttpsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertProbeFailure: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
EncryptedClientHello: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
Quic: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Imaps: &.ObjectFirewallSslsshprofileImapsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
MapiOverHttps: pulumi.String("string"),
Name: pulumi.String("string"),
ObjectFirewallSslsshprofileId: pulumi.String("string"),
Pop3s: &.ObjectFirewallSslsshprofilePop3sTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
RpcOverHttps: pulumi.String("string"),
Scopetype: pulumi.String("string"),
ServerCert: pulumi.String("string"),
ServerCertMode: pulumi.String("string"),
Smtps: &.ObjectFirewallSslsshprofileSmtpsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Ssh: &.ObjectFirewallSslsshprofileSshTypeArgs{
InspectAll: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
SshAlgorithm: pulumi.String("string"),
SshPolicyCheck: pulumi.String("string"),
SshTunPolicyCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedVersion: pulumi.String("string"),
},
Ssl: &.ObjectFirewallSslsshprofileSslTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertProbeFailure: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
EncryptedClientHello: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InspectAll: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
SslAnomaliesLog: pulumi.String("string"),
SslAnomalyLog: pulumi.String("string"),
SslExemptionIpRating: pulumi.String("string"),
SslExemptionLog: pulumi.String("string"),
SslExemptionsLog: pulumi.String("string"),
SslExempts: .ObjectFirewallSslsshprofileSslExemptTypeArray{
&.ObjectFirewallSslsshprofileSslExemptTypeArgs{
Address: pulumi.String("string"),
Address6: pulumi.String("string"),
FortiguardCategories: pulumi.StringArray{
pulumi.String("string"),
},
Id: pulumi.Float64(0),
Regex: pulumi.String("string"),
Type: pulumi.String("string"),
WildcardFqdns: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslHandshakeLog: pulumi.String("string"),
SslNegotiationLog: pulumi.String("string"),
SslServerCertLog: pulumi.String("string"),
SslServers: .ObjectFirewallSslsshprofileSslServerTypeArray{
&.ObjectFirewallSslsshprofileSslServerTypeArgs{
FtpsClientCertRequest: pulumi.String("string"),
FtpsClientCertificate: pulumi.String("string"),
HttpsClientCertRequest: pulumi.String("string"),
HttpsClientCertificate: pulumi.String("string"),
Id: pulumi.Float64(0),
ImapsClientCertRequest: pulumi.String("string"),
ImapsClientCertificate: pulumi.String("string"),
Ip: pulumi.String("string"),
Pop3sClientCertRequest: pulumi.String("string"),
Pop3sClientCertificate: pulumi.String("string"),
SmtpsClientCertRequest: pulumi.String("string"),
SmtpsClientCertificate: pulumi.String("string"),
SslOtherClientCertRequest: pulumi.String("string"),
SslOtherClientCertificate: pulumi.String("string"),
},
},
SupportedAlpn: pulumi.String("string"),
UntrustedCaname: pulumi.String("string"),
UseSslServer: pulumi.String("string"),
Whitelist: pulumi.String("string"),
})
Copy
var objectFirewallSslsshprofileResource = new ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource", ObjectFirewallSslsshprofileArgs.builder()
    .adom("string")
    .allowlist("string")
    .blockBlacklistedCertificates("string")
    .blockBlocklistedCertificates("string")
    .caname("string")
    .comment("string")
    .dot(ObjectFirewallSslsshprofileDotArgs.builder()
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertificate("string")
        .expiredServerCert("string")
        .minAllowedSslVersion("string")
        .proxyAfterTcpHandshake("string")
        .quic("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedServerCert("string")
        .build())
    .dynamicSortSubtable("string")
    .echOuterSnis(ObjectFirewallSslsshprofileEchOuterSniArgs.builder()
        .name("string")
        .sni("string")
        .build())
    .ftps(ObjectFirewallSslsshprofileFtpsArgs.builder()
        .allowInvalidServerCert("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .expiredServerCert("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .ports(0)
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .https(ObjectFirewallSslsshprofileHttpsArgs.builder()
        .allowInvalidServerCert("string")
        .certProbeFailure("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .encryptedClientHello("string")
        .expiredServerCert("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .ports(0)
        .proxyAfterTcpHandshake("string")
        .quic("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .imaps(ObjectFirewallSslsshprofileImapsArgs.builder()
        .allowInvalidServerCert("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .expiredServerCert("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .ports(0)
        .proxyAfterTcpHandshake("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .mapiOverHttps("string")
    .name("string")
    .objectFirewallSslsshprofileId("string")
    .pop3s(ObjectFirewallSslsshprofilePop3sArgs.builder()
        .allowInvalidServerCert("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .expiredServerCert("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .ports(0)
        .proxyAfterTcpHandshake("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .rpcOverHttps("string")
    .scopetype("string")
    .serverCert("string")
    .serverCertMode("string")
    .smtps(ObjectFirewallSslsshprofileSmtpsArgs.builder()
        .allowInvalidServerCert("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .expiredServerCert("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .ports(0)
        .proxyAfterTcpHandshake("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .ssh(ObjectFirewallSslsshprofileSshArgs.builder()
        .inspectAll("string")
        .ports(0)
        .proxyAfterTcpHandshake("string")
        .sshAlgorithm("string")
        .sshPolicyCheck("string")
        .sshTunPolicyCheck("string")
        .status("string")
        .unsupportedVersion("string")
        .build())
    .ssl(ObjectFirewallSslsshprofileSslArgs.builder()
        .allowInvalidServerCert("string")
        .certProbeFailure("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .encryptedClientHello("string")
        .expiredServerCert("string")
        .inspectAll("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .sslAnomaliesLog("string")
    .sslAnomalyLog("string")
    .sslExemptionIpRating("string")
    .sslExemptionLog("string")
    .sslExemptionsLog("string")
    .sslExempts(ObjectFirewallSslsshprofileSslExemptArgs.builder()
        .address("string")
        .address6("string")
        .fortiguardCategories("string")
        .id(0)
        .regex("string")
        .type("string")
        .wildcardFqdns("string")
        .build())
    .sslHandshakeLog("string")
    .sslNegotiationLog("string")
    .sslServerCertLog("string")
    .sslServers(ObjectFirewallSslsshprofileSslServerArgs.builder()
        .ftpsClientCertRequest("string")
        .ftpsClientCertificate("string")
        .httpsClientCertRequest("string")
        .httpsClientCertificate("string")
        .id(0)
        .imapsClientCertRequest("string")
        .imapsClientCertificate("string")
        .ip("string")
        .pop3sClientCertRequest("string")
        .pop3sClientCertificate("string")
        .smtpsClientCertRequest("string")
        .smtpsClientCertificate("string")
        .sslOtherClientCertRequest("string")
        .sslOtherClientCertificate("string")
        .build())
    .supportedAlpn("string")
    .untrustedCaname("string")
    .useSslServer("string")
    .whitelist("string")
    .build());
Copy
object_firewall_sslsshprofile_resource = fortimanager.ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource",
    adom="string",
    allowlist="string",
    block_blacklisted_certificates="string",
    block_blocklisted_certificates="string",
    caname="string",
    comment="string",
    dot={
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_certificate": "string",
        "expired_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "proxy_after_tcp_handshake": "string",
        "quic": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_server_cert": "string",
    },
    dynamic_sort_subtable="string",
    ech_outer_snis=[{
        "name": "string",
        "sni": "string",
    }],
    ftps={
        "allow_invalid_server_cert": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "expired_server_cert": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "ports": [0],
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    https={
        "allow_invalid_server_cert": "string",
        "cert_probe_failure": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "encrypted_client_hello": "string",
        "expired_server_cert": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "ports": [0],
        "proxy_after_tcp_handshake": "string",
        "quic": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    imaps={
        "allow_invalid_server_cert": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "expired_server_cert": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "ports": [0],
        "proxy_after_tcp_handshake": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    mapi_over_https="string",
    name="string",
    object_firewall_sslsshprofile_id="string",
    pop3s={
        "allow_invalid_server_cert": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "expired_server_cert": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "ports": [0],
        "proxy_after_tcp_handshake": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    rpc_over_https="string",
    scopetype="string",
    server_cert="string",
    server_cert_mode="string",
    smtps={
        "allow_invalid_server_cert": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "expired_server_cert": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "ports": [0],
        "proxy_after_tcp_handshake": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    ssh={
        "inspect_all": "string",
        "ports": [0],
        "proxy_after_tcp_handshake": "string",
        "ssh_algorithm": "string",
        "ssh_policy_check": "string",
        "ssh_tun_policy_check": "string",
        "status": "string",
        "unsupported_version": "string",
    },
    ssl={
        "allow_invalid_server_cert": "string",
        "cert_probe_failure": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "encrypted_client_hello": "string",
        "expired_server_cert": "string",
        "inspect_all": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    ssl_anomalies_log="string",
    ssl_anomaly_log="string",
    ssl_exemption_ip_rating="string",
    ssl_exemption_log="string",
    ssl_exemptions_log="string",
    ssl_exempts=[{
        "address": "string",
        "address6": "string",
        "fortiguard_categories": ["string"],
        "id": 0,
        "regex": "string",
        "type": "string",
        "wildcard_fqdns": ["string"],
    }],
    ssl_handshake_log="string",
    ssl_negotiation_log="string",
    ssl_server_cert_log="string",
    ssl_servers=[{
        "ftps_client_cert_request": "string",
        "ftps_client_certificate": "string",
        "https_client_cert_request": "string",
        "https_client_certificate": "string",
        "id": 0,
        "imaps_client_cert_request": "string",
        "imaps_client_certificate": "string",
        "ip": "string",
        "pop3s_client_cert_request": "string",
        "pop3s_client_certificate": "string",
        "smtps_client_cert_request": "string",
        "smtps_client_certificate": "string",
        "ssl_other_client_cert_request": "string",
        "ssl_other_client_certificate": "string",
    }],
    supported_alpn="string",
    untrusted_caname="string",
    use_ssl_server="string",
    whitelist="string")
Copy
const objectFirewallSslsshprofileResource = new fortimanager.ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource", {
    adom: "string",
    allowlist: "string",
    blockBlacklistedCertificates: "string",
    blockBlocklistedCertificates: "string",
    caname: "string",
    comment: "string",
    dot: {
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertificate: "string",
        expiredServerCert: "string",
        minAllowedSslVersion: "string",
        proxyAfterTcpHandshake: "string",
        quic: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedServerCert: "string",
    },
    dynamicSortSubtable: "string",
    echOuterSnis: [{
        name: "string",
        sni: "string",
    }],
    ftps: {
        allowInvalidServerCert: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        expiredServerCert: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        ports: [0],
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    https: {
        allowInvalidServerCert: "string",
        certProbeFailure: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        encryptedClientHello: "string",
        expiredServerCert: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        ports: [0],
        proxyAfterTcpHandshake: "string",
        quic: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    imaps: {
        allowInvalidServerCert: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        expiredServerCert: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        ports: [0],
        proxyAfterTcpHandshake: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    mapiOverHttps: "string",
    name: "string",
    objectFirewallSslsshprofileId: "string",
    pop3s: {
        allowInvalidServerCert: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        expiredServerCert: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        ports: [0],
        proxyAfterTcpHandshake: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    rpcOverHttps: "string",
    scopetype: "string",
    serverCert: "string",
    serverCertMode: "string",
    smtps: {
        allowInvalidServerCert: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        expiredServerCert: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        ports: [0],
        proxyAfterTcpHandshake: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    ssh: {
        inspectAll: "string",
        ports: [0],
        proxyAfterTcpHandshake: "string",
        sshAlgorithm: "string",
        sshPolicyCheck: "string",
        sshTunPolicyCheck: "string",
        status: "string",
        unsupportedVersion: "string",
    },
    ssl: {
        allowInvalidServerCert: "string",
        certProbeFailure: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        encryptedClientHello: "string",
        expiredServerCert: "string",
        inspectAll: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    sslAnomaliesLog: "string",
    sslAnomalyLog: "string",
    sslExemptionIpRating: "string",
    sslExemptionLog: "string",
    sslExemptionsLog: "string",
    sslExempts: [{
        address: "string",
        address6: "string",
        fortiguardCategories: ["string"],
        id: 0,
        regex: "string",
        type: "string",
        wildcardFqdns: ["string"],
    }],
    sslHandshakeLog: "string",
    sslNegotiationLog: "string",
    sslServerCertLog: "string",
    sslServers: [{
        ftpsClientCertRequest: "string",
        ftpsClientCertificate: "string",
        httpsClientCertRequest: "string",
        httpsClientCertificate: "string",
        id: 0,
        imapsClientCertRequest: "string",
        imapsClientCertificate: "string",
        ip: "string",
        pop3sClientCertRequest: "string",
        pop3sClientCertificate: "string",
        smtpsClientCertRequest: "string",
        smtpsClientCertificate: "string",
        sslOtherClientCertRequest: "string",
        sslOtherClientCertificate: "string",
    }],
    supportedAlpn: "string",
    untrustedCaname: "string",
    useSslServer: "string",
    whitelist: "string",
});
Copy
type: fortimanager:ObjectFirewallSslsshprofile
properties:
    adom: string
    allowlist: string
    blockBlacklistedCertificates: string
    blockBlocklistedCertificates: string
    caname: string
    comment: string
    dot:
        certValidationFailure: string
        certValidationTimeout: string
        clientCertificate: string
        expiredServerCert: string
        minAllowedSslVersion: string
        proxyAfterTcpHandshake: string
        quic: string
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedServerCert: string
    dynamicSortSubtable: string
    echOuterSnis:
        - name: string
          sni: string
    ftps:
        allowInvalidServerCert: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        expiredServerCert: string
        invalidServerCert: string
        minAllowedSslVersion: string
        ports:
            - 0
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    https:
        allowInvalidServerCert: string
        certProbeFailure: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        encryptedClientHello: string
        expiredServerCert: string
        invalidServerCert: string
        minAllowedSslVersion: string
        ports:
            - 0
        proxyAfterTcpHandshake: string
        quic: string
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    imaps:
        allowInvalidServerCert: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        expiredServerCert: string
        invalidServerCert: string
        minAllowedSslVersion: string
        ports:
            - 0
        proxyAfterTcpHandshake: string
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    mapiOverHttps: string
    name: string
    objectFirewallSslsshprofileId: string
    pop3s:
        allowInvalidServerCert: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        expiredServerCert: string
        invalidServerCert: string
        minAllowedSslVersion: string
        ports:
            - 0
        proxyAfterTcpHandshake: string
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    rpcOverHttps: string
    scopetype: string
    serverCert: string
    serverCertMode: string
    smtps:
        allowInvalidServerCert: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        expiredServerCert: string
        invalidServerCert: string
        minAllowedSslVersion: string
        ports:
            - 0
        proxyAfterTcpHandshake: string
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    ssh:
        inspectAll: string
        ports:
            - 0
        proxyAfterTcpHandshake: string
        sshAlgorithm: string
        sshPolicyCheck: string
        sshTunPolicyCheck: string
        status: string
        unsupportedVersion: string
    ssl:
        allowInvalidServerCert: string
        certProbeFailure: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        encryptedClientHello: string
        expiredServerCert: string
        inspectAll: string
        invalidServerCert: string
        minAllowedSslVersion: string
        revokedServerCert: string
        sniServerCertCheck: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    sslAnomaliesLog: string
    sslAnomalyLog: string
    sslExemptionIpRating: string
    sslExemptionLog: string
    sslExemptionsLog: string
    sslExempts:
        - address: string
          address6: string
          fortiguardCategories:
            - string
          id: 0
          regex: string
          type: string
          wildcardFqdns:
            - string
    sslHandshakeLog: string
    sslNegotiationLog: string
    sslServerCertLog: string
    sslServers:
        - ftpsClientCertRequest: string
          ftpsClientCertificate: string
          httpsClientCertRequest: string
          httpsClientCertificate: string
          id: 0
          imapsClientCertRequest: string
          imapsClientCertificate: string
          ip: string
          pop3sClientCertRequest: string
          pop3sClientCertificate: string
          smtpsClientCertRequest: string
          smtpsClientCertificate: string
          sslOtherClientCertRequest: string
          sslOtherClientCertificate: string
    supportedAlpn: string
    untrustedCaname: string
    useSslServer: string
    whitelist: string
Copy

ObjectFirewallSslsshprofile Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ObjectFirewallSslsshprofile resource accepts the following input properties:

Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Allowlist string
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
BlockBlacklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
BlockBlocklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
Caname string
CA certificate used by SSL Inspection.
Comment string
Optional comments.
Dot ObjectFirewallSslsshprofileDot
Dot. The structure of dot block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EchOuterSnis List<ObjectFirewallSslsshprofileEchOuterSni>
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
Ftps ObjectFirewallSslsshprofileFtps
Ftps. The structure of ftps block is documented below.
Https ObjectFirewallSslsshprofileHttps
Https. The structure of https block is documented below.
Imaps ObjectFirewallSslsshprofileImaps
Imaps. The structure of imaps block is documented below.
MapiOverHttps string
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
Name string
Name.
ObjectFirewallSslsshprofileId string
an identifier for the resource with format {{name}}.
Pop3s ObjectFirewallSslsshprofilePop3s
Pop3S. The structure of pop3s block is documented below.
RpcOverHttps string
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerCert string
Certificate used by SSL Inspection to replace server certificate.
ServerCertMode string
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
Smtps ObjectFirewallSslsshprofileSmtps
Smtps. The structure of smtps block is documented below.
Ssh ObjectFirewallSslsshprofileSsh
Ssh. The structure of ssh block is documented below.
Ssl ObjectFirewallSslsshprofileSsl
Ssl. The structure of ssl block is documented below.
SslAnomaliesLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslAnomalyLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslExemptionIpRating string
Enable/disable IP based URL rating. Valid values: disable, enable.
SslExemptionLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExemptionsLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExempts List<ObjectFirewallSslsshprofileSslExempt>
Ssl-Exempt. The structure of ssl_exempt block is documented below.
SslHandshakeLog string
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
SslNegotiationLog string
Enable/disable logging SSL negotiation. Valid values: disable, enable.
SslServerCertLog string
Enable/disable logging of server certificate information. Valid values: disable, enable.
SslServers List<ObjectFirewallSslsshprofileSslServer>
Ssl-Server. The structure of ssl_server block is documented below.
SupportedAlpn string
Configure ALPN option. Valid values: none, http1-1, http2, all.
UntrustedCaname string
Untrusted CA certificate used by SSL Inspection.
UseSslServer string
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
Whitelist string
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Allowlist string
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
BlockBlacklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
BlockBlocklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
Caname string
CA certificate used by SSL Inspection.
Comment string
Optional comments.
Dot ObjectFirewallSslsshprofileDotTypeArgs
Dot. The structure of dot block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EchOuterSnis []ObjectFirewallSslsshprofileEchOuterSniTypeArgs
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
Ftps ObjectFirewallSslsshprofileFtpsTypeArgs
Ftps. The structure of ftps block is documented below.
Https ObjectFirewallSslsshprofileHttpsTypeArgs
Https. The structure of https block is documented below.
Imaps ObjectFirewallSslsshprofileImapsTypeArgs
Imaps. The structure of imaps block is documented below.
MapiOverHttps string
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
Name string
Name.
ObjectFirewallSslsshprofileId string
an identifier for the resource with format {{name}}.
Pop3s ObjectFirewallSslsshprofilePop3sTypeArgs
Pop3S. The structure of pop3s block is documented below.
RpcOverHttps string
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerCert string
Certificate used by SSL Inspection to replace server certificate.
ServerCertMode string
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
Smtps ObjectFirewallSslsshprofileSmtpsTypeArgs
Smtps. The structure of smtps block is documented below.
Ssh ObjectFirewallSslsshprofileSshTypeArgs
Ssh. The structure of ssh block is documented below.
Ssl ObjectFirewallSslsshprofileSslTypeArgs
Ssl. The structure of ssl block is documented below.
SslAnomaliesLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslAnomalyLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslExemptionIpRating string
Enable/disable IP based URL rating. Valid values: disable, enable.
SslExemptionLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExemptionsLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExempts []ObjectFirewallSslsshprofileSslExemptTypeArgs
Ssl-Exempt. The structure of ssl_exempt block is documented below.
SslHandshakeLog string
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
SslNegotiationLog string
Enable/disable logging SSL negotiation. Valid values: disable, enable.
SslServerCertLog string
Enable/disable logging of server certificate information. Valid values: disable, enable.
SslServers []ObjectFirewallSslsshprofileSslServerTypeArgs
Ssl-Server. The structure of ssl_server block is documented below.
SupportedAlpn string
Configure ALPN option. Valid values: none, http1-1, http2, all.
UntrustedCaname string
Untrusted CA certificate used by SSL Inspection.
UseSslServer string
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
Whitelist string
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist String
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates String
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates String
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname String
CA certificate used by SSL Inspection.
comment String
Optional comments.
dot ObjectFirewallSslsshprofileDot
Dot. The structure of dot block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis List<ObjectFirewallSslsshprofileEchOuterSni>
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtps
Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttps
Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImaps
Imaps. The structure of imaps block is documented below.
mapiOverHttps String
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name String
Name.
objectFirewallSslsshprofileId String
an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3s
Pop3S. The structure of pop3s block is documented below.
rpcOverHttps String
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert String
Certificate used by SSL Inspection to replace server certificate.
serverCertMode String
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtps
Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSsh
Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSsl
Ssl. The structure of ssl block is documented below.
sslAnomaliesLog String
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog String
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating String
Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog String
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog String
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts List<ObjectFirewallSslsshprofileSslExempt>
Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog String
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog String
Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog String
Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers List<ObjectFirewallSslsshprofileSslServer>
Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn String
Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname String
Untrusted CA certificate used by SSL Inspection.
useSslServer String
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist String
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.
adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist string
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname string
CA certificate used by SSL Inspection.
comment string
Optional comments.
dot ObjectFirewallSslsshprofileDot
Dot. The structure of dot block is documented below.
dynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis ObjectFirewallSslsshprofileEchOuterSni[]
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtps
Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttps
Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImaps
Imaps. The structure of imaps block is documented below.
mapiOverHttps string
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name string
Name.
objectFirewallSslsshprofileId string
an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3s
Pop3S. The structure of pop3s block is documented below.
rpcOverHttps string
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert string
Certificate used by SSL Inspection to replace server certificate.
serverCertMode string
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtps
Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSsh
Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSsl
Ssl. The structure of ssl block is documented below.
sslAnomaliesLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating string
Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts ObjectFirewallSslsshprofileSslExempt[]
Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog string
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog string
Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog string
Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers ObjectFirewallSslsshprofileSslServer[]
Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn string
Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname string
Untrusted CA certificate used by SSL Inspection.
useSslServer string
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist string
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.
adom str
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist str
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
block_blacklisted_certificates str
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
block_blocklisted_certificates str
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname str
CA certificate used by SSL Inspection.
comment str
Optional comments.
dot ObjectFirewallSslsshprofileDotArgs
Dot. The structure of dot block is documented below.
dynamic_sort_subtable str
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
ech_outer_snis Sequence[ObjectFirewallSslsshprofileEchOuterSniArgs]
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtpsArgs
Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttpsArgs
Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImapsArgs
Imaps. The structure of imaps block is documented below.
mapi_over_https str
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name str
Name.
object_firewall_sslsshprofile_id str
an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3sArgs
Pop3S. The structure of pop3s block is documented below.
rpc_over_https str
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype str
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
server_cert str
Certificate used by SSL Inspection to replace server certificate.
server_cert_mode str
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtpsArgs
Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSshArgs
Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSslArgs
Ssl. The structure of ssl block is documented below.
ssl_anomalies_log str
Enable/disable logging SSL anomalies. Valid values: disable, enable.
ssl_anomaly_log str
Enable/disable logging SSL anomalies. Valid values: disable, enable.
ssl_exemption_ip_rating str
Enable/disable IP based URL rating. Valid values: disable, enable.
ssl_exemption_log str
Enable/disable logging SSL exemptions. Valid values: disable, enable.
ssl_exemptions_log str
Enable/disable logging SSL exemptions. Valid values: disable, enable.
ssl_exempts Sequence[ObjectFirewallSslsshprofileSslExemptArgs]
Ssl-Exempt. The structure of ssl_exempt block is documented below.
ssl_handshake_log str
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
ssl_negotiation_log str
Enable/disable logging SSL negotiation. Valid values: disable, enable.
ssl_server_cert_log str
Enable/disable logging of server certificate information. Valid values: disable, enable.
ssl_servers Sequence[ObjectFirewallSslsshprofileSslServerArgs]
Ssl-Server. The structure of ssl_server block is documented below.
supported_alpn str
Configure ALPN option. Valid values: none, http1-1, http2, all.
untrusted_caname str
Untrusted CA certificate used by SSL Inspection.
use_ssl_server str
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist str
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist String
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates String
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates String
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname String
CA certificate used by SSL Inspection.
comment String
Optional comments.
dot Property Map
Dot. The structure of dot block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis List<Property Map>
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps Property Map
Ftps. The structure of ftps block is documented below.
https Property Map
Https. The structure of https block is documented below.
imaps Property Map
Imaps. The structure of imaps block is documented below.
mapiOverHttps String
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name String
Name.
objectFirewallSslsshprofileId String
an identifier for the resource with format {{name}}.
pop3s Property Map
Pop3S. The structure of pop3s block is documented below.
rpcOverHttps String
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert String
Certificate used by SSL Inspection to replace server certificate.
serverCertMode String
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps Property Map
Smtps. The structure of smtps block is documented below.
ssh Property Map
Ssh. The structure of ssh block is documented below.
ssl Property Map
Ssl. The structure of ssl block is documented below.
sslAnomaliesLog String
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog String
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating String
Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog String
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog String
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts List<Property Map>
Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog String
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog String
Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog String
Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers List<Property Map>
Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn String
Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname String
Untrusted CA certificate used by SSL Inspection.
useSslServer String
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist String
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

Outputs

All input properties are implicitly available as output properties. Additionally, the ObjectFirewallSslsshprofile resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing ObjectFirewallSslsshprofile Resource

Get an existing ObjectFirewallSslsshprofile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ObjectFirewallSslsshprofileState, opts?: CustomResourceOptions): ObjectFirewallSslsshprofile
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        adom: Optional[str] = None,
        allowlist: Optional[str] = None,
        block_blacklisted_certificates: Optional[str] = None,
        block_blocklisted_certificates: Optional[str] = None,
        caname: Optional[str] = None,
        comment: Optional[str] = None,
        dot: Optional[ObjectFirewallSslsshprofileDotArgs] = None,
        dynamic_sort_subtable: Optional[str] = None,
        ech_outer_snis: Optional[Sequence[ObjectFirewallSslsshprofileEchOuterSniArgs]] = None,
        ftps: Optional[ObjectFirewallSslsshprofileFtpsArgs] = None,
        https: Optional[ObjectFirewallSslsshprofileHttpsArgs] = None,
        imaps: Optional[ObjectFirewallSslsshprofileImapsArgs] = None,
        mapi_over_https: Optional[str] = None,
        name: Optional[str] = None,
        object_firewall_sslsshprofile_id: Optional[str] = None,
        pop3s: Optional[ObjectFirewallSslsshprofilePop3sArgs] = None,
        rpc_over_https: Optional[str] = None,
        scopetype: Optional[str] = None,
        server_cert: Optional[str] = None,
        server_cert_mode: Optional[str] = None,
        smtps: Optional[ObjectFirewallSslsshprofileSmtpsArgs] = None,
        ssh: Optional[ObjectFirewallSslsshprofileSshArgs] = None,
        ssl: Optional[ObjectFirewallSslsshprofileSslArgs] = None,
        ssl_anomalies_log: Optional[str] = None,
        ssl_anomaly_log: Optional[str] = None,
        ssl_exemption_ip_rating: Optional[str] = None,
        ssl_exemption_log: Optional[str] = None,
        ssl_exemptions_log: Optional[str] = None,
        ssl_exempts: Optional[Sequence[ObjectFirewallSslsshprofileSslExemptArgs]] = None,
        ssl_handshake_log: Optional[str] = None,
        ssl_negotiation_log: Optional[str] = None,
        ssl_server_cert_log: Optional[str] = None,
        ssl_servers: Optional[Sequence[ObjectFirewallSslsshprofileSslServerArgs]] = None,
        supported_alpn: Optional[str] = None,
        untrusted_caname: Optional[str] = None,
        use_ssl_server: Optional[str] = None,
        whitelist: Optional[str] = None) -> ObjectFirewallSslsshprofile
func GetObjectFirewallSslsshprofile(ctx *Context, name string, id IDInput, state *ObjectFirewallSslsshprofileState, opts ...ResourceOption) (*ObjectFirewallSslsshprofile, error)
public static ObjectFirewallSslsshprofile Get(string name, Input<string> id, ObjectFirewallSslsshprofileState? state, CustomResourceOptions? opts = null)
public static ObjectFirewallSslsshprofile get(String name, Output<String> id, ObjectFirewallSslsshprofileState state, CustomResourceOptions options)
resources:  _:    type: fortimanager:ObjectFirewallSslsshprofile    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Allowlist string
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
BlockBlacklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
BlockBlocklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
Caname string
CA certificate used by SSL Inspection.
Comment string
Optional comments.
Dot ObjectFirewallSslsshprofileDot
Dot. The structure of dot block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EchOuterSnis List<ObjectFirewallSslsshprofileEchOuterSni>
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
Ftps ObjectFirewallSslsshprofileFtps
Ftps. The structure of ftps block is documented below.
Https ObjectFirewallSslsshprofileHttps
Https. The structure of https block is documented below.
Imaps ObjectFirewallSslsshprofileImaps
Imaps. The structure of imaps block is documented below.
MapiOverHttps string
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
Name string
Name.
ObjectFirewallSslsshprofileId string
an identifier for the resource with format {{name}}.
Pop3s ObjectFirewallSslsshprofilePop3s
Pop3S. The structure of pop3s block is documented below.
RpcOverHttps string
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerCert string
Certificate used by SSL Inspection to replace server certificate.
ServerCertMode string
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
Smtps ObjectFirewallSslsshprofileSmtps
Smtps. The structure of smtps block is documented below.
Ssh ObjectFirewallSslsshprofileSsh
Ssh. The structure of ssh block is documented below.
Ssl ObjectFirewallSslsshprofileSsl
Ssl. The structure of ssl block is documented below.
SslAnomaliesLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslAnomalyLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslExemptionIpRating string
Enable/disable IP based URL rating. Valid values: disable, enable.
SslExemptionLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExemptionsLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExempts List<ObjectFirewallSslsshprofileSslExempt>
Ssl-Exempt. The structure of ssl_exempt block is documented below.
SslHandshakeLog string
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
SslNegotiationLog string
Enable/disable logging SSL negotiation. Valid values: disable, enable.
SslServerCertLog string
Enable/disable logging of server certificate information. Valid values: disable, enable.
SslServers List<ObjectFirewallSslsshprofileSslServer>
Ssl-Server. The structure of ssl_server block is documented below.
SupportedAlpn string
Configure ALPN option. Valid values: none, http1-1, http2, all.
UntrustedCaname string
Untrusted CA certificate used by SSL Inspection.
UseSslServer string
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
Whitelist string
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Allowlist string
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
BlockBlacklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
BlockBlocklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
Caname string
CA certificate used by SSL Inspection.
Comment string
Optional comments.
Dot ObjectFirewallSslsshprofileDotTypeArgs
Dot. The structure of dot block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EchOuterSnis []ObjectFirewallSslsshprofileEchOuterSniTypeArgs
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
Ftps ObjectFirewallSslsshprofileFtpsTypeArgs
Ftps. The structure of ftps block is documented below.
Https ObjectFirewallSslsshprofileHttpsTypeArgs
Https. The structure of https block is documented below.
Imaps ObjectFirewallSslsshprofileImapsTypeArgs
Imaps. The structure of imaps block is documented below.
MapiOverHttps string
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
Name string
Name.
ObjectFirewallSslsshprofileId string
an identifier for the resource with format {{name}}.
Pop3s ObjectFirewallSslsshprofilePop3sTypeArgs
Pop3S. The structure of pop3s block is documented below.
RpcOverHttps string
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerCert string
Certificate used by SSL Inspection to replace server certificate.
ServerCertMode string
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
Smtps ObjectFirewallSslsshprofileSmtpsTypeArgs
Smtps. The structure of smtps block is documented below.
Ssh ObjectFirewallSslsshprofileSshTypeArgs
Ssh. The structure of ssh block is documented below.
Ssl ObjectFirewallSslsshprofileSslTypeArgs
Ssl. The structure of ssl block is documented below.
SslAnomaliesLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslAnomalyLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslExemptionIpRating string
Enable/disable IP based URL rating. Valid values: disable, enable.
SslExemptionLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExemptionsLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExempts []ObjectFirewallSslsshprofileSslExemptTypeArgs
Ssl-Exempt. The structure of ssl_exempt block is documented below.
SslHandshakeLog string
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
SslNegotiationLog string
Enable/disable logging SSL negotiation. Valid values: disable, enable.
SslServerCertLog string
Enable/disable logging of server certificate information. Valid values: disable, enable.
SslServers []ObjectFirewallSslsshprofileSslServerTypeArgs
Ssl-Server. The structure of ssl_server block is documented below.
SupportedAlpn string
Configure ALPN option. Valid values: none, http1-1, http2, all.
UntrustedCaname string
Untrusted CA certificate used by SSL Inspection.
UseSslServer string
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
Whitelist string
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist String
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates String
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates String
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname String
CA certificate used by SSL Inspection.
comment String
Optional comments.
dot ObjectFirewallSslsshprofileDot
Dot. The structure of dot block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis List<ObjectFirewallSslsshprofileEchOuterSni>
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtps
Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttps
Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImaps
Imaps. The structure of imaps block is documented below.
mapiOverHttps String
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name String
Name.
objectFirewallSslsshprofileId String
an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3s
Pop3S. The structure of pop3s block is documented below.
rpcOverHttps String
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert String
Certificate used by SSL Inspection to replace server certificate.
serverCertMode String
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtps
Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSsh
Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSsl
Ssl. The structure of ssl block is documented below.
sslAnomaliesLog String
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog String
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating String
Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog String
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog String
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts List<ObjectFirewallSslsshprofileSslExempt>
Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog String
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog String
Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog String
Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers List<ObjectFirewallSslsshprofileSslServer>
Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn String
Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname String
Untrusted CA certificate used by SSL Inspection.
useSslServer String
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist String
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.
adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist string
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates string
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname string
CA certificate used by SSL Inspection.
comment string
Optional comments.
dot ObjectFirewallSslsshprofileDot
Dot. The structure of dot block is documented below.
dynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis ObjectFirewallSslsshprofileEchOuterSni[]
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtps
Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttps
Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImaps
Imaps. The structure of imaps block is documented below.
mapiOverHttps string
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name string
Name.
objectFirewallSslsshprofileId string
an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3s
Pop3S. The structure of pop3s block is documented below.
rpcOverHttps string
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert string
Certificate used by SSL Inspection to replace server certificate.
serverCertMode string
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtps
Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSsh
Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSsl
Ssl. The structure of ssl block is documented below.
sslAnomaliesLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog string
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating string
Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog string
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts ObjectFirewallSslsshprofileSslExempt[]
Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog string
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog string
Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog string
Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers ObjectFirewallSslsshprofileSslServer[]
Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn string
Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname string
Untrusted CA certificate used by SSL Inspection.
useSslServer string
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist string
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.
adom str
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist str
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
block_blacklisted_certificates str
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
block_blocklisted_certificates str
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname str
CA certificate used by SSL Inspection.
comment str
Optional comments.
dot ObjectFirewallSslsshprofileDotArgs
Dot. The structure of dot block is documented below.
dynamic_sort_subtable str
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
ech_outer_snis Sequence[ObjectFirewallSslsshprofileEchOuterSniArgs]
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtpsArgs
Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttpsArgs
Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImapsArgs
Imaps. The structure of imaps block is documented below.
mapi_over_https str
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name str
Name.
object_firewall_sslsshprofile_id str
an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3sArgs
Pop3S. The structure of pop3s block is documented below.
rpc_over_https str
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype str
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
server_cert str
Certificate used by SSL Inspection to replace server certificate.
server_cert_mode str
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtpsArgs
Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSshArgs
Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSslArgs
Ssl. The structure of ssl block is documented below.
ssl_anomalies_log str
Enable/disable logging SSL anomalies. Valid values: disable, enable.
ssl_anomaly_log str
Enable/disable logging SSL anomalies. Valid values: disable, enable.
ssl_exemption_ip_rating str
Enable/disable IP based URL rating. Valid values: disable, enable.
ssl_exemption_log str
Enable/disable logging SSL exemptions. Valid values: disable, enable.
ssl_exemptions_log str
Enable/disable logging SSL exemptions. Valid values: disable, enable.
ssl_exempts Sequence[ObjectFirewallSslsshprofileSslExemptArgs]
Ssl-Exempt. The structure of ssl_exempt block is documented below.
ssl_handshake_log str
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
ssl_negotiation_log str
Enable/disable logging SSL negotiation. Valid values: disable, enable.
ssl_server_cert_log str
Enable/disable logging of server certificate information. Valid values: disable, enable.
ssl_servers Sequence[ObjectFirewallSslsshprofileSslServerArgs]
Ssl-Server. The structure of ssl_server block is documented below.
supported_alpn str
Configure ALPN option. Valid values: none, http1-1, http2, all.
untrusted_caname str
Untrusted CA certificate used by SSL Inspection.
use_ssl_server str
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist str
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist String
Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates String
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates String
Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname String
CA certificate used by SSL Inspection.
comment String
Optional comments.
dot Property Map
Dot. The structure of dot block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis List<Property Map>
Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps Property Map
Ftps. The structure of ftps block is documented below.
https Property Map
Https. The structure of https block is documented below.
imaps Property Map
Imaps. The structure of imaps block is documented below.
mapiOverHttps String
Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name String
Name.
objectFirewallSslsshprofileId String
an identifier for the resource with format {{name}}.
pop3s Property Map
Pop3S. The structure of pop3s block is documented below.
rpcOverHttps String
Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert String
Certificate used by SSL Inspection to replace server certificate.
serverCertMode String
Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps Property Map
Smtps. The structure of smtps block is documented below.
ssh Property Map
Ssh. The structure of ssh block is documented below.
ssl Property Map
Ssl. The structure of ssl block is documented below.
sslAnomaliesLog String
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog String
Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating String
Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog String
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog String
Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts List<Property Map>
Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog String
Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog String
Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog String
Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers List<Property Map>
Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn String
Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname String
Untrusted CA certificate used by SSL Inspection.
useSslServer String
Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist String
Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

Supporting Types

ObjectFirewallSslsshprofileDot
, ObjectFirewallSslsshprofileDotArgs

CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
MinAllowedSslVersion string
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ProxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
Quic string
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
Status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: block, allow.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
MinAllowedSslVersion string
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ProxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
Quic string
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
Status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: block, allow.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
minAllowedSslVersion String
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
proxyAfterTcpHandshake String
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic String
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
status String
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: block, allow.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
certValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
minAllowedSslVersion string
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
proxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic string
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: block, allow.
unsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
unsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
cert_validation_failure str
Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str
Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_certificate str
Action based on received client certificate. Valid values: bypass, inspect, block.
expired_server_cert str
Action based on server certificate is expired. Valid values: allow, block, ignore.
min_allowed_ssl_version str
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
proxy_after_tcp_handshake str
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic str
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revoked_server_cert str
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
status str
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupported_ssl_cipher str
Action based on the SSL cipher used being unsupported. Valid values: block, allow.
unsupported_ssl_negotiation str
Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
unsupported_ssl_version str
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_server_cert str
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
minAllowedSslVersion String
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
proxyAfterTcpHandshake String
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic String
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
status String
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: block, allow.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofileEchOuterSni
, ObjectFirewallSslsshprofileEchOuterSniArgs

Name string
ClientHelloOuter SNI name.
Sni string
ClientHelloOuter SNI to be blocked.
Name string
ClientHelloOuter SNI name.
Sni string
ClientHelloOuter SNI to be blocked.
name String
ClientHelloOuter SNI name.
sni String
ClientHelloOuter SNI to be blocked.
name string
ClientHelloOuter SNI name.
sni string
ClientHelloOuter SNI to be blocked.
name str
ClientHelloOuter SNI name.
sni str
ClientHelloOuter SNI to be blocked.
name String
ClientHelloOuter SNI name.
sni String
ClientHelloOuter SNI to be blocked.

ObjectFirewallSslsshprofileFtps
, ObjectFirewallSslsshprofileFtpsArgs

AllowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports List<double>
Ports to use for scanning (1 - 65535, default = 443).
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
AllowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports []float64
Ports to use for scanning (1 - 65535, default = 443).
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert String
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Double>
Ports to use for scanning (1 - 65535, default = 443).
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports number[]
Ports to use for scanning (1 - 65535, default = 443).
revokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allow_invalid_server_cert str
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_validation_failure str
Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str
Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str
Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str
Action based on received client certificate. Valid values: bypass, inspect, block.
expired_server_cert str
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalid_server_cert str
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports Sequence[float]
Ports to use for scanning (1 - 65535, default = 443).
revoked_server_cert str
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status str
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupported_ssl str
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert String
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Number>
Ports to use for scanning (1 - 65535, default = 443).
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofileHttps
, ObjectFirewallSslsshprofileHttpsArgs

AllowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string
Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports List<double>
Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
Quic string
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string
Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
UnsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
AllowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string
Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports []float64
Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
Quic string
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string
Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
UnsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert String
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String
Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Double>
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic String
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String
Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
unsupportedSsl String
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure string
Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello string
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports number[]
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic string
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status string
Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
unsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allow_invalid_server_cert str
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_probe_failure str
Action based on certificate probe failure. Valid values: block, allow.
cert_validation_failure str
Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str
Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str
Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str
Action based on received client certificate. Valid values: bypass, inspect, block.
encrypted_client_hello str
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expired_server_cert str
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalid_server_cert str
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports Sequence[float]
Ports to use for scanning (1 - 65535, default = 443).
proxy_after_tcp_handshake str
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic str
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revoked_server_cert str
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status str
Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
unsupported_ssl str
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert String
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String
Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Number>
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic String
Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String
Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
unsupportedSsl String
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofileImaps
, ObjectFirewallSslsshprofileImapsArgs

AllowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports List<double>
Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
AllowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports []float64
Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert String
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Double>
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports number[]
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allow_invalid_server_cert str
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_validation_failure str
Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str
Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str
Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str
Action based on received client certificate. Valid values: bypass, inspect, block.
expired_server_cert str
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalid_server_cert str
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports Sequence[float]
Ports to use for scanning (1 - 65535, default = 443).
proxy_after_tcp_handshake str
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revoked_server_cert str
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status str
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupported_ssl str
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert String
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Number>
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofilePop3s
, ObjectFirewallSslsshprofilePop3sArgs

ObjectFirewallSslsshprofileSmtps
, ObjectFirewallSslsshprofileSmtpsArgs

AllowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports List<double>
Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
AllowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports []float64
Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert String
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Double>
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports number[]
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allow_invalid_server_cert str
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_validation_failure str
Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str
Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str
Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str
Action based on received client certificate. Valid values: bypass, inspect, block.
expired_server_cert str
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalid_server_cert str
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports Sequence[float]
Ports to use for scanning (1 - 65535, default = 443).
proxy_after_tcp_handshake str
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revoked_server_cert str
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status str
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupported_ssl str
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert String
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String
Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Number>
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofileSsh
, ObjectFirewallSslsshprofileSshArgs

InspectAll string
Level of SSL inspection. Valid values: disable, deep-inspection.
Ports List<double>
Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
SshAlgorithm string
Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
SshPolicyCheck string
Enable/disable SSH policy check. Valid values: disable, enable.
SshTunPolicyCheck string
Enable/disable SSH tunnel policy check. Valid values: disable, enable.
Status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedVersion string
Action based on SSH version being unsupported. Valid values: block, bypass.
InspectAll string
Level of SSL inspection. Valid values: disable, deep-inspection.
Ports []float64
Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
SshAlgorithm string
Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
SshPolicyCheck string
Enable/disable SSH policy check. Valid values: disable, enable.
SshTunPolicyCheck string
Enable/disable SSH tunnel policy check. Valid values: disable, enable.
Status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedVersion string
Action based on SSH version being unsupported. Valid values: block, bypass.
inspectAll String
Level of SSL inspection. Valid values: disable, deep-inspection.
ports List<Double>
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
sshAlgorithm String
Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
sshPolicyCheck String
Enable/disable SSH policy check. Valid values: disable, enable.
sshTunPolicyCheck String
Enable/disable SSH tunnel policy check. Valid values: disable, enable.
status String
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedVersion String
Action based on SSH version being unsupported. Valid values: block, bypass.
inspectAll string
Level of SSL inspection. Valid values: disable, deep-inspection.
ports number[]
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake string
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
sshAlgorithm string
Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
sshPolicyCheck string
Enable/disable SSH policy check. Valid values: disable, enable.
sshTunPolicyCheck string
Enable/disable SSH tunnel policy check. Valid values: disable, enable.
status string
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedVersion string
Action based on SSH version being unsupported. Valid values: block, bypass.
inspect_all str
Level of SSL inspection. Valid values: disable, deep-inspection.
ports Sequence[float]
Ports to use for scanning (1 - 65535, default = 443).
proxy_after_tcp_handshake str
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
ssh_algorithm str
Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
ssh_policy_check str
Enable/disable SSH policy check. Valid values: disable, enable.
ssh_tun_policy_check str
Enable/disable SSH tunnel policy check. Valid values: disable, enable.
status str
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupported_version str
Action based on SSH version being unsupported. Valid values: block, bypass.
inspectAll String
Level of SSL inspection. Valid values: disable, deep-inspection.
ports List<Number>
Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String
Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
sshAlgorithm String
Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
sshPolicyCheck String
Enable/disable SSH policy check. Valid values: disable, enable.
sshTunPolicyCheck String
Enable/disable SSH tunnel policy check. Valid values: disable, enable.
status String
Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedVersion String
Action based on SSH version being unsupported. Valid values: block, bypass.

ObjectFirewallSslsshprofileSsl
, ObjectFirewallSslsshprofileSslArgs

AllowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string
Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
InspectAll string
Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
InvalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
UnsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
AllowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string
Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
InspectAll string
Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
InvalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
RevokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
UnsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert String
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String
Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll String
Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert String
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupportedSsl String
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert string
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure string
Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure string
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string
Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello string
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert string
Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll string
Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert string
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
revokedServerCert string
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupportedSsl string
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allow_invalid_server_cert str
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_probe_failure str
Action based on certificate probe failure. Valid values: block, allow.
cert_validation_failure str
Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str
Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str
Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str
Action based on received client certificate. Valid values: bypass, inspect, block.
encrypted_client_hello str
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expired_server_cert str
Action based on server certificate is expired. Valid values: allow, block, ignore.
inspect_all str
Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalid_server_cert str
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
revoked_server_cert str
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupported_ssl str
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
allowInvalidServerCert String
When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String
Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String
Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String
Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String
Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String
Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String
Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String
Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll String
Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert String
Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String
Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
revokedServerCert String
Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String
Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupportedSsl String
Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String
Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String
Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String
Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String
Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String
Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofileSslExempt
, ObjectFirewallSslsshprofileSslExemptArgs

Address string
IPv4 address object.
Address6 string
IPv6 address object.
FortiguardCategories List<string>
FortiGuard category ID.
Id double
ID number.
Regex string
Exempt servers by regular expression.
Type string
Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
WildcardFqdns List<string>
Exempt servers by wildcard FQDN.
Address string
IPv4 address object.
Address6 string
IPv6 address object.
FortiguardCategories []string
FortiGuard category ID.
Id float64
ID number.
Regex string
Exempt servers by regular expression.
Type string
Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
WildcardFqdns []string
Exempt servers by wildcard FQDN.
address String
IPv4 address object.
address6 String
IPv6 address object.
fortiguardCategories List<String>
FortiGuard category ID.
id Double
ID number.
regex String
Exempt servers by regular expression.
type String
Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
wildcardFqdns List<String>
Exempt servers by wildcard FQDN.
address string
IPv4 address object.
address6 string
IPv6 address object.
fortiguardCategories string[]
FortiGuard category ID.
id number
ID number.
regex string
Exempt servers by regular expression.
type string
Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
wildcardFqdns string[]
Exempt servers by wildcard FQDN.
address str
IPv4 address object.
address6 str
IPv6 address object.
fortiguard_categories Sequence[str]
FortiGuard category ID.
id float
ID number.
regex str
Exempt servers by regular expression.
type str
Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
wildcard_fqdns Sequence[str]
Exempt servers by wildcard FQDN.
address String
IPv4 address object.
address6 String
IPv6 address object.
fortiguardCategories List<String>
FortiGuard category ID.
id Number
ID number.
regex String
Exempt servers by regular expression.
type String
Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
wildcardFqdns List<String>
Exempt servers by wildcard FQDN.

ObjectFirewallSslsshprofileSslServer
, ObjectFirewallSslsshprofileSslServerArgs

FtpsClientCertRequest string
Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
FtpsClientCertificate string
Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
HttpsClientCertRequest string
Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
HttpsClientCertificate string
Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
Id double
SSL server ID.
ImapsClientCertRequest string
Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
ImapsClientCertificate string
Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
Ip string
IPv4 address of the SSL server.
Pop3sClientCertRequest string
Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
Pop3sClientCertificate string
Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
SmtpsClientCertRequest string
Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
SmtpsClientCertificate string
Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
SslOtherClientCertRequest string
Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
SslOtherClientCertificate string
Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.
FtpsClientCertRequest string
Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
FtpsClientCertificate string
Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
HttpsClientCertRequest string
Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
HttpsClientCertificate string
Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
Id float64
SSL server ID.
ImapsClientCertRequest string
Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
ImapsClientCertificate string
Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
Ip string
IPv4 address of the SSL server.
Pop3sClientCertRequest string
Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
Pop3sClientCertificate string
Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
SmtpsClientCertRequest string
Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
SmtpsClientCertificate string
Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
SslOtherClientCertRequest string
Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
SslOtherClientCertificate string
Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.
ftpsClientCertRequest String
Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
ftpsClientCertificate String
Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertRequest String
Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertificate String
Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
id Double
SSL server ID.
imapsClientCertRequest String
Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
imapsClientCertificate String
Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
ip String
IPv4 address of the SSL server.
pop3sClientCertRequest String
Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
pop3sClientCertificate String
Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
smtpsClientCertRequest String
Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
smtpsClientCertificate String
Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
sslOtherClientCertRequest String
Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
sslOtherClientCertificate String
Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.
ftpsClientCertRequest string
Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
ftpsClientCertificate string
Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertRequest string
Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertificate string
Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
id number
SSL server ID.
imapsClientCertRequest string
Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
imapsClientCertificate string
Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
ip string
IPv4 address of the SSL server.
pop3sClientCertRequest string
Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
pop3sClientCertificate string
Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
smtpsClientCertRequest string
Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
smtpsClientCertificate string
Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
sslOtherClientCertRequest string
Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
sslOtherClientCertificate string
Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.
ftps_client_cert_request str
Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
ftps_client_certificate str
Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
https_client_cert_request str
Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
https_client_certificate str
Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
id float
SSL server ID.
imaps_client_cert_request str
Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
imaps_client_certificate str
Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
ip str
IPv4 address of the SSL server.
pop3s_client_cert_request str
Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
pop3s_client_certificate str
Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
smtps_client_cert_request str
Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
smtps_client_certificate str
Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
ssl_other_client_cert_request str
Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
ssl_other_client_certificate str
Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.
ftpsClientCertRequest String
Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
ftpsClientCertificate String
Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertRequest String
Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertificate String
Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
id Number
SSL server ID.
imapsClientCertRequest String
Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
imapsClientCertificate String
Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
ip String
IPv4 address of the SSL server.
pop3sClientCertRequest String
Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
pop3sClientCertificate String
Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
smtpsClientCertRequest String
Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
smtpsClientCertificate String
Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
sslOtherClientCertRequest String
Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
sslOtherClientCertificate String
Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.

Import

ObjectFirewall SslSshProfile can be imported using any of these accepted formats:

$ export “FORTIMANAGER_IMPORT_TABLE”=“true”

$ pulumi import fortimanager:index/objectFirewallSslsshprofile:ObjectFirewallSslsshprofile labelname {{name}}
Copy

$ unset “FORTIMANAGER_IMPORT_TABLE”

-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
fortimanager fortinetdev/terraform-provider-fortimanager
License
Notes
This Pulumi package is based on the fortimanager Terraform Provider.