Docs Home
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
fortimanager.ObjectFirewallSslsshprofile
Explore with Pulumi AI
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
Configure SSL/SSH protocol options.
The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
dot:fortimanager.ObjectFirewallSslsshprofileDotech_outer_sni:fortimanager.ObjectFirewallSslsshprofileEchoutersniftps:fortimanager.ObjectFirewallSslsshprofileFtpshttps:fortimanager.ObjectFirewallSslsshprofileHttpsimaps:fortimanager.ObjectFirewallSslsshprofileImapspop3s:fortimanager.ObjectFirewallSslsshprofilePop3ssmtps:fortimanager.ObjectFirewallSslsshprofileSmtpsssh:fortimanager.ObjectFirewallSslsshprofileSshssl:fortimanager.ObjectFirewallSslsshprofileSslssl_exempt:fortimanager.ObjectFirewallSslsshprofileSslexemptssl_server:fortimanager.ObjectFirewallSslsshprofileSslserver
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";
const trname = new fortimanager.ObjectFirewallSslsshprofile("trname", {
comment: "terraform-comment1",
mapiOverHttps: "disable",
useSslServer: "disable",
whitelist: "enable",
});
import pulumi
import pulumi_fortimanager as fortimanager
trname = fortimanager.ObjectFirewallSslsshprofile("trname",
comment="terraform-comment1",
mapi_over_https="disable",
use_ssl_server="disable",
whitelist="enable")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fortimanager.NewObjectFirewallSslsshprofile(ctx, "trname", &fortimanager.ObjectFirewallSslsshprofileArgs{
Comment: pulumi.String("terraform-comment1"),
MapiOverHttps: pulumi.String("disable"),
UseSslServer: pulumi.String("disable"),
Whitelist: pulumi.String("enable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;
return await Deployment.RunAsync(() =>
{
var trname = new Fortimanager.ObjectFirewallSslsshprofile("trname", new()
{
Comment = "terraform-comment1",
MapiOverHttps = "disable",
UseSslServer = "disable",
Whitelist = "enable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectFirewallSslsshprofile;
import com.pulumi.fortimanager.ObjectFirewallSslsshprofileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new ObjectFirewallSslsshprofile("trname", ObjectFirewallSslsshprofileArgs.builder()
.comment("terraform-comment1")
.mapiOverHttps("disable")
.useSslServer("disable")
.whitelist("enable")
.build());
}
}
resources:
trname:
type: fortimanager:ObjectFirewallSslsshprofile
properties:
comment: terraform-comment1
mapiOverHttps: disable
useSslServer: disable
whitelist: enable
Create ObjectFirewallSslsshprofile Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectFirewallSslsshprofile(name: string, args?: ObjectFirewallSslsshprofileArgs, opts?: CustomResourceOptions);@overload
def ObjectFirewallSslsshprofile(resource_name: str,
args: Optional[ObjectFirewallSslsshprofileArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectFirewallSslsshprofile(resource_name: str,
opts: Optional[ResourceOptions] = None,
adom: Optional[str] = None,
allowlist: Optional[str] = None,
block_blacklisted_certificates: Optional[str] = None,
block_blocklisted_certificates: Optional[str] = None,
caname: Optional[str] = None,
comment: Optional[str] = None,
dot: Optional[ObjectFirewallSslsshprofileDotArgs] = None,
dynamic_sort_subtable: Optional[str] = None,
ech_outer_snis: Optional[Sequence[ObjectFirewallSslsshprofileEchOuterSniArgs]] = None,
ftps: Optional[ObjectFirewallSslsshprofileFtpsArgs] = None,
https: Optional[ObjectFirewallSslsshprofileHttpsArgs] = None,
imaps: Optional[ObjectFirewallSslsshprofileImapsArgs] = None,
mapi_over_https: Optional[str] = None,
name: Optional[str] = None,
object_firewall_sslsshprofile_id: Optional[str] = None,
pop3s: Optional[ObjectFirewallSslsshprofilePop3sArgs] = None,
rpc_over_https: Optional[str] = None,
scopetype: Optional[str] = None,
server_cert: Optional[str] = None,
server_cert_mode: Optional[str] = None,
smtps: Optional[ObjectFirewallSslsshprofileSmtpsArgs] = None,
ssh: Optional[ObjectFirewallSslsshprofileSshArgs] = None,
ssl: Optional[ObjectFirewallSslsshprofileSslArgs] = None,
ssl_anomalies_log: Optional[str] = None,
ssl_anomaly_log: Optional[str] = None,
ssl_exemption_ip_rating: Optional[str] = None,
ssl_exemption_log: Optional[str] = None,
ssl_exemptions_log: Optional[str] = None,
ssl_exempts: Optional[Sequence[ObjectFirewallSslsshprofileSslExemptArgs]] = None,
ssl_handshake_log: Optional[str] = None,
ssl_negotiation_log: Optional[str] = None,
ssl_server_cert_log: Optional[str] = None,
ssl_servers: Optional[Sequence[ObjectFirewallSslsshprofileSslServerArgs]] = None,
supported_alpn: Optional[str] = None,
untrusted_caname: Optional[str] = None,
use_ssl_server: Optional[str] = None,
whitelist: Optional[str] = None)func NewObjectFirewallSslsshprofile(ctx *Context, name string, args *ObjectFirewallSslsshprofileArgs, opts ...ResourceOption) (*ObjectFirewallSslsshprofile, error)public ObjectFirewallSslsshprofile(string name, ObjectFirewallSslsshprofileArgs? args = null, CustomResourceOptions? opts = null)public ObjectFirewallSslsshprofile(String name, ObjectFirewallSslsshprofileArgs args)
public ObjectFirewallSslsshprofile(String name, ObjectFirewallSslsshprofileArgs args, CustomResourceOptions options)
type: fortimanager:ObjectFirewallSslsshprofile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args ObjectFirewallSslsshprofileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args ObjectFirewallSslsshprofileArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args ObjectFirewallSslsshprofileArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args ObjectFirewallSslsshprofileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ObjectFirewallSslsshprofileArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectFirewallSslsshprofileResource = new Fortimanager.ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource", new()
{
Adom = "string",
Allowlist = "string",
BlockBlacklistedCertificates = "string",
BlockBlocklistedCertificates = "string",
Caname = "string",
Comment = "string",
Dot = new Fortimanager.Inputs.ObjectFirewallSslsshprofileDotArgs
{
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertificate = "string",
ExpiredServerCert = "string",
MinAllowedSslVersion = "string",
ProxyAfterTcpHandshake = "string",
Quic = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedServerCert = "string",
},
DynamicSortSubtable = "string",
EchOuterSnis = new[]
{
new Fortimanager.Inputs.ObjectFirewallSslsshprofileEchOuterSniArgs
{
Name = "string",
Sni = "string",
},
},
Ftps = new Fortimanager.Inputs.ObjectFirewallSslsshprofileFtpsArgs
{
AllowInvalidServerCert = "string",
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
ExpiredServerCert = "string",
InvalidServerCert = "string",
MinAllowedSslVersion = "string",
Ports = new[]
{
0,
},
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedCert = "string",
UntrustedServerCert = "string",
},
Https = new Fortimanager.Inputs.ObjectFirewallSslsshprofileHttpsArgs
{
AllowInvalidServerCert = "string",
CertProbeFailure = "string",
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
EncryptedClientHello = "string",
ExpiredServerCert = "string",
InvalidServerCert = "string",
MinAllowedSslVersion = "string",
Ports = new[]
{
0,
},
ProxyAfterTcpHandshake = "string",
Quic = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedCert = "string",
UntrustedServerCert = "string",
},
Imaps = new Fortimanager.Inputs.ObjectFirewallSslsshprofileImapsArgs
{
AllowInvalidServerCert = "string",
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
ExpiredServerCert = "string",
InvalidServerCert = "string",
MinAllowedSslVersion = "string",
Ports = new[]
{
0,
},
ProxyAfterTcpHandshake = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedCert = "string",
UntrustedServerCert = "string",
},
MapiOverHttps = "string",
Name = "string",
ObjectFirewallSslsshprofileId = "string",
Pop3s = new Fortimanager.Inputs.ObjectFirewallSslsshprofilePop3sArgs
{
AllowInvalidServerCert = "string",
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
ExpiredServerCert = "string",
InvalidServerCert = "string",
MinAllowedSslVersion = "string",
Ports = new[]
{
0,
},
ProxyAfterTcpHandshake = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedCert = "string",
UntrustedServerCert = "string",
},
RpcOverHttps = "string",
Scopetype = "string",
ServerCert = "string",
ServerCertMode = "string",
Smtps = new Fortimanager.Inputs.ObjectFirewallSslsshprofileSmtpsArgs
{
AllowInvalidServerCert = "string",
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
ExpiredServerCert = "string",
InvalidServerCert = "string",
MinAllowedSslVersion = "string",
Ports = new[]
{
0,
},
ProxyAfterTcpHandshake = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedCert = "string",
UntrustedServerCert = "string",
},
Ssh = new Fortimanager.Inputs.ObjectFirewallSslsshprofileSshArgs
{
InspectAll = "string",
Ports = new[]
{
0,
},
ProxyAfterTcpHandshake = "string",
SshAlgorithm = "string",
SshPolicyCheck = "string",
SshTunPolicyCheck = "string",
Status = "string",
UnsupportedVersion = "string",
},
Ssl = new Fortimanager.Inputs.ObjectFirewallSslsshprofileSslArgs
{
AllowInvalidServerCert = "string",
CertProbeFailure = "string",
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
EncryptedClientHello = "string",
ExpiredServerCert = "string",
InspectAll = "string",
InvalidServerCert = "string",
MinAllowedSslVersion = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedCert = "string",
UntrustedServerCert = "string",
},
SslAnomaliesLog = "string",
SslAnomalyLog = "string",
SslExemptionIpRating = "string",
SslExemptionLog = "string",
SslExemptionsLog = "string",
SslExempts = new[]
{
new Fortimanager.Inputs.ObjectFirewallSslsshprofileSslExemptArgs
{
Address = "string",
Address6 = "string",
FortiguardCategories = new[]
{
"string",
},
Id = 0,
Regex = "string",
Type = "string",
WildcardFqdns = new[]
{
"string",
},
},
},
SslHandshakeLog = "string",
SslNegotiationLog = "string",
SslServerCertLog = "string",
SslServers = new[]
{
new Fortimanager.Inputs.ObjectFirewallSslsshprofileSslServerArgs
{
FtpsClientCertRequest = "string",
FtpsClientCertificate = "string",
HttpsClientCertRequest = "string",
HttpsClientCertificate = "string",
Id = 0,
ImapsClientCertRequest = "string",
ImapsClientCertificate = "string",
Ip = "string",
Pop3sClientCertRequest = "string",
Pop3sClientCertificate = "string",
SmtpsClientCertRequest = "string",
SmtpsClientCertificate = "string",
SslOtherClientCertRequest = "string",
SslOtherClientCertificate = "string",
},
},
SupportedAlpn = "string",
UntrustedCaname = "string",
UseSslServer = "string",
Whitelist = "string",
});
example, err := fortimanager.NewObjectFirewallSslsshprofile(ctx, "objectFirewallSslsshprofileResource", &fortimanager.ObjectFirewallSslsshprofileArgs{
Adom: pulumi.String("string"),
Allowlist: pulumi.String("string"),
BlockBlacklistedCertificates: pulumi.String("string"),
BlockBlocklistedCertificates: pulumi.String("string"),
Caname: pulumi.String("string"),
Comment: pulumi.String("string"),
Dot: &.ObjectFirewallSslsshprofileDotTypeArgs{
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
ProxyAfterTcpHandshake: pulumi.String("string"),
Quic: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
DynamicSortSubtable: pulumi.String("string"),
EchOuterSnis: .ObjectFirewallSslsshprofileEchOuterSniTypeArray{
&.ObjectFirewallSslsshprofileEchOuterSniTypeArgs{
Name: pulumi.String("string"),
Sni: pulumi.String("string"),
},
},
Ftps: &.ObjectFirewallSslsshprofileFtpsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Https: &.ObjectFirewallSslsshprofileHttpsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertProbeFailure: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
EncryptedClientHello: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
Quic: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Imaps: &.ObjectFirewallSslsshprofileImapsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
MapiOverHttps: pulumi.String("string"),
Name: pulumi.String("string"),
ObjectFirewallSslsshprofileId: pulumi.String("string"),
Pop3s: &.ObjectFirewallSslsshprofilePop3sTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
RpcOverHttps: pulumi.String("string"),
Scopetype: pulumi.String("string"),
ServerCert: pulumi.String("string"),
ServerCertMode: pulumi.String("string"),
Smtps: &.ObjectFirewallSslsshprofileSmtpsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Ssh: &.ObjectFirewallSslsshprofileSshTypeArgs{
InspectAll: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
SshAlgorithm: pulumi.String("string"),
SshPolicyCheck: pulumi.String("string"),
SshTunPolicyCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedVersion: pulumi.String("string"),
},
Ssl: &.ObjectFirewallSslsshprofileSslTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertProbeFailure: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
EncryptedClientHello: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InspectAll: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
SslAnomaliesLog: pulumi.String("string"),
SslAnomalyLog: pulumi.String("string"),
SslExemptionIpRating: pulumi.String("string"),
SslExemptionLog: pulumi.String("string"),
SslExemptionsLog: pulumi.String("string"),
SslExempts: .ObjectFirewallSslsshprofileSslExemptTypeArray{
&.ObjectFirewallSslsshprofileSslExemptTypeArgs{
Address: pulumi.String("string"),
Address6: pulumi.String("string"),
FortiguardCategories: pulumi.StringArray{
pulumi.String("string"),
},
Id: pulumi.Float64(0),
Regex: pulumi.String("string"),
Type: pulumi.String("string"),
WildcardFqdns: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslHandshakeLog: pulumi.String("string"),
SslNegotiationLog: pulumi.String("string"),
SslServerCertLog: pulumi.String("string"),
SslServers: .ObjectFirewallSslsshprofileSslServerTypeArray{
&.ObjectFirewallSslsshprofileSslServerTypeArgs{
FtpsClientCertRequest: pulumi.String("string"),
FtpsClientCertificate: pulumi.String("string"),
HttpsClientCertRequest: pulumi.String("string"),
HttpsClientCertificate: pulumi.String("string"),
Id: pulumi.Float64(0),
ImapsClientCertRequest: pulumi.String("string"),
ImapsClientCertificate: pulumi.String("string"),
Ip: pulumi.String("string"),
Pop3sClientCertRequest: pulumi.String("string"),
Pop3sClientCertificate: pulumi.String("string"),
SmtpsClientCertRequest: pulumi.String("string"),
SmtpsClientCertificate: pulumi.String("string"),
SslOtherClientCertRequest: pulumi.String("string"),
SslOtherClientCertificate: pulumi.String("string"),
},
},
SupportedAlpn: pulumi.String("string"),
UntrustedCaname: pulumi.String("string"),
UseSslServer: pulumi.String("string"),
Whitelist: pulumi.String("string"),
})
var objectFirewallSslsshprofileResource = new ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource", ObjectFirewallSslsshprofileArgs.builder()
.adom("string")
.allowlist("string")
.blockBlacklistedCertificates("string")
.blockBlocklistedCertificates("string")
.caname("string")
.comment("string")
.dot(ObjectFirewallSslsshprofileDotArgs.builder()
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertificate("string")
.expiredServerCert("string")
.minAllowedSslVersion("string")
.proxyAfterTcpHandshake("string")
.quic("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedServerCert("string")
.build())
.dynamicSortSubtable("string")
.echOuterSnis(ObjectFirewallSslsshprofileEchOuterSniArgs.builder()
.name("string")
.sni("string")
.build())
.ftps(ObjectFirewallSslsshprofileFtpsArgs.builder()
.allowInvalidServerCert("string")
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.expiredServerCert("string")
.invalidServerCert("string")
.minAllowedSslVersion("string")
.ports(0)
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedCert("string")
.untrustedServerCert("string")
.build())
.https(ObjectFirewallSslsshprofileHttpsArgs.builder()
.allowInvalidServerCert("string")
.certProbeFailure("string")
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.encryptedClientHello("string")
.expiredServerCert("string")
.invalidServerCert("string")
.minAllowedSslVersion("string")
.ports(0)
.proxyAfterTcpHandshake("string")
.quic("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedCert("string")
.untrustedServerCert("string")
.build())
.imaps(ObjectFirewallSslsshprofileImapsArgs.builder()
.allowInvalidServerCert("string")
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.expiredServerCert("string")
.invalidServerCert("string")
.minAllowedSslVersion("string")
.ports(0)
.proxyAfterTcpHandshake("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedCert("string")
.untrustedServerCert("string")
.build())
.mapiOverHttps("string")
.name("string")
.objectFirewallSslsshprofileId("string")
.pop3s(ObjectFirewallSslsshprofilePop3sArgs.builder()
.allowInvalidServerCert("string")
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.expiredServerCert("string")
.invalidServerCert("string")
.minAllowedSslVersion("string")
.ports(0)
.proxyAfterTcpHandshake("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedCert("string")
.untrustedServerCert("string")
.build())
.rpcOverHttps("string")
.scopetype("string")
.serverCert("string")
.serverCertMode("string")
.smtps(ObjectFirewallSslsshprofileSmtpsArgs.builder()
.allowInvalidServerCert("string")
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.expiredServerCert("string")
.invalidServerCert("string")
.minAllowedSslVersion("string")
.ports(0)
.proxyAfterTcpHandshake("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedCert("string")
.untrustedServerCert("string")
.build())
.ssh(ObjectFirewallSslsshprofileSshArgs.builder()
.inspectAll("string")
.ports(0)
.proxyAfterTcpHandshake("string")
.sshAlgorithm("string")
.sshPolicyCheck("string")
.sshTunPolicyCheck("string")
.status("string")
.unsupportedVersion("string")
.build())
.ssl(ObjectFirewallSslsshprofileSslArgs.builder()
.allowInvalidServerCert("string")
.certProbeFailure("string")
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.encryptedClientHello("string")
.expiredServerCert("string")
.inspectAll("string")
.invalidServerCert("string")
.minAllowedSslVersion("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedCert("string")
.untrustedServerCert("string")
.build())
.sslAnomaliesLog("string")
.sslAnomalyLog("string")
.sslExemptionIpRating("string")
.sslExemptionLog("string")
.sslExemptionsLog("string")
.sslExempts(ObjectFirewallSslsshprofileSslExemptArgs.builder()
.address("string")
.address6("string")
.fortiguardCategories("string")
.id(0)
.regex("string")
.type("string")
.wildcardFqdns("string")
.build())
.sslHandshakeLog("string")
.sslNegotiationLog("string")
.sslServerCertLog("string")
.sslServers(ObjectFirewallSslsshprofileSslServerArgs.builder()
.ftpsClientCertRequest("string")
.ftpsClientCertificate("string")
.httpsClientCertRequest("string")
.httpsClientCertificate("string")
.id(0)
.imapsClientCertRequest("string")
.imapsClientCertificate("string")
.ip("string")
.pop3sClientCertRequest("string")
.pop3sClientCertificate("string")
.smtpsClientCertRequest("string")
.smtpsClientCertificate("string")
.sslOtherClientCertRequest("string")
.sslOtherClientCertificate("string")
.build())
.supportedAlpn("string")
.untrustedCaname("string")
.useSslServer("string")
.whitelist("string")
.build());
object_firewall_sslsshprofile_resource = fortimanager.ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource",
adom="string",
allowlist="string",
block_blacklisted_certificates="string",
block_blocklisted_certificates="string",
caname="string",
comment="string",
dot={
"cert_validation_failure": "string",
"cert_validation_timeout": "string",
"client_certificate": "string",
"expired_server_cert": "string",
"min_allowed_ssl_version": "string",
"proxy_after_tcp_handshake": "string",
"quic": "string",
"revoked_server_cert": "string",
"sni_server_cert_check": "string",
"status": "string",
"unsupported_ssl_cipher": "string",
"unsupported_ssl_negotiation": "string",
"unsupported_ssl_version": "string",
"untrusted_server_cert": "string",
},
dynamic_sort_subtable="string",
ech_outer_snis=[{
"name": "string",
"sni": "string",
}],
ftps={
"allow_invalid_server_cert": "string",
"cert_validation_failure": "string",
"cert_validation_timeout": "string",
"client_cert_request": "string",
"client_certificate": "string",
"expired_server_cert": "string",
"invalid_server_cert": "string",
"min_allowed_ssl_version": "string",
"ports": [0],
"revoked_server_cert": "string",
"sni_server_cert_check": "string",
"status": "string",
"unsupported_ssl": "string",
"unsupported_ssl_cipher": "string",
"unsupported_ssl_negotiation": "string",
"unsupported_ssl_version": "string",
"untrusted_cert": "string",
"untrusted_server_cert": "string",
},
https={
"allow_invalid_server_cert": "string",
"cert_probe_failure": "string",
"cert_validation_failure": "string",
"cert_validation_timeout": "string",
"client_cert_request": "string",
"client_certificate": "string",
"encrypted_client_hello": "string",
"expired_server_cert": "string",
"invalid_server_cert": "string",
"min_allowed_ssl_version": "string",
"ports": [0],
"proxy_after_tcp_handshake": "string",
"quic": "string",
"revoked_server_cert": "string",
"sni_server_cert_check": "string",
"status": "string",
"unsupported_ssl": "string",
"unsupported_ssl_cipher": "string",
"unsupported_ssl_negotiation": "string",
"unsupported_ssl_version": "string",
"untrusted_cert": "string",
"untrusted_server_cert": "string",
},
imaps={
"allow_invalid_server_cert": "string",
"cert_validation_failure": "string",
"cert_validation_timeout": "string",
"client_cert_request": "string",
"client_certificate": "string",
"expired_server_cert": "string",
"invalid_server_cert": "string",
"min_allowed_ssl_version": "string",
"ports": [0],
"proxy_after_tcp_handshake": "string",
"revoked_server_cert": "string",
"sni_server_cert_check": "string",
"status": "string",
"unsupported_ssl": "string",
"unsupported_ssl_cipher": "string",
"unsupported_ssl_negotiation": "string",
"unsupported_ssl_version": "string",
"untrusted_cert": "string",
"untrusted_server_cert": "string",
},
mapi_over_https="string",
name="string",
object_firewall_sslsshprofile_id="string",
pop3s={
"allow_invalid_server_cert": "string",
"cert_validation_failure": "string",
"cert_validation_timeout": "string",
"client_cert_request": "string",
"client_certificate": "string",
"expired_server_cert": "string",
"invalid_server_cert": "string",
"min_allowed_ssl_version": "string",
"ports": [0],
"proxy_after_tcp_handshake": "string",
"revoked_server_cert": "string",
"sni_server_cert_check": "string",
"status": "string",
"unsupported_ssl": "string",
"unsupported_ssl_cipher": "string",
"unsupported_ssl_negotiation": "string",
"unsupported_ssl_version": "string",
"untrusted_cert": "string",
"untrusted_server_cert": "string",
},
rpc_over_https="string",
scopetype="string",
server_cert="string",
server_cert_mode="string",
smtps={
"allow_invalid_server_cert": "string",
"cert_validation_failure": "string",
"cert_validation_timeout": "string",
"client_cert_request": "string",
"client_certificate": "string",
"expired_server_cert": "string",
"invalid_server_cert": "string",
"min_allowed_ssl_version": "string",
"ports": [0],
"proxy_after_tcp_handshake": "string",
"revoked_server_cert": "string",
"sni_server_cert_check": "string",
"status": "string",
"unsupported_ssl": "string",
"unsupported_ssl_cipher": "string",
"unsupported_ssl_negotiation": "string",
"unsupported_ssl_version": "string",
"untrusted_cert": "string",
"untrusted_server_cert": "string",
},
ssh={
"inspect_all": "string",
"ports": [0],
"proxy_after_tcp_handshake": "string",
"ssh_algorithm": "string",
"ssh_policy_check": "string",
"ssh_tun_policy_check": "string",
"status": "string",
"unsupported_version": "string",
},
ssl={
"allow_invalid_server_cert": "string",
"cert_probe_failure": "string",
"cert_validation_failure": "string",
"cert_validation_timeout": "string",
"client_cert_request": "string",
"client_certificate": "string",
"encrypted_client_hello": "string",
"expired_server_cert": "string",
"inspect_all": "string",
"invalid_server_cert": "string",
"min_allowed_ssl_version": "string",
"revoked_server_cert": "string",
"sni_server_cert_check": "string",
"unsupported_ssl": "string",
"unsupported_ssl_cipher": "string",
"unsupported_ssl_negotiation": "string",
"unsupported_ssl_version": "string",
"untrusted_cert": "string",
"untrusted_server_cert": "string",
},
ssl_anomalies_log="string",
ssl_anomaly_log="string",
ssl_exemption_ip_rating="string",
ssl_exemption_log="string",
ssl_exemptions_log="string",
ssl_exempts=[{
"address": "string",
"address6": "string",
"fortiguard_categories": ["string"],
"id": 0,
"regex": "string",
"type": "string",
"wildcard_fqdns": ["string"],
}],
ssl_handshake_log="string",
ssl_negotiation_log="string",
ssl_server_cert_log="string",
ssl_servers=[{
"ftps_client_cert_request": "string",
"ftps_client_certificate": "string",
"https_client_cert_request": "string",
"https_client_certificate": "string",
"id": 0,
"imaps_client_cert_request": "string",
"imaps_client_certificate": "string",
"ip": "string",
"pop3s_client_cert_request": "string",
"pop3s_client_certificate": "string",
"smtps_client_cert_request": "string",
"smtps_client_certificate": "string",
"ssl_other_client_cert_request": "string",
"ssl_other_client_certificate": "string",
}],
supported_alpn="string",
untrusted_caname="string",
use_ssl_server="string",
whitelist="string")
const objectFirewallSslsshprofileResource = new fortimanager.ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource", {
adom: "string",
allowlist: "string",
blockBlacklistedCertificates: "string",
blockBlocklistedCertificates: "string",
caname: "string",
comment: "string",
dot: {
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertificate: "string",
expiredServerCert: "string",
minAllowedSslVersion: "string",
proxyAfterTcpHandshake: "string",
quic: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedServerCert: "string",
},
dynamicSortSubtable: "string",
echOuterSnis: [{
name: "string",
sni: "string",
}],
ftps: {
allowInvalidServerCert: "string",
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
expiredServerCert: "string",
invalidServerCert: "string",
minAllowedSslVersion: "string",
ports: [0],
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedCert: "string",
untrustedServerCert: "string",
},
https: {
allowInvalidServerCert: "string",
certProbeFailure: "string",
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
encryptedClientHello: "string",
expiredServerCert: "string",
invalidServerCert: "string",
minAllowedSslVersion: "string",
ports: [0],
proxyAfterTcpHandshake: "string",
quic: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedCert: "string",
untrustedServerCert: "string",
},
imaps: {
allowInvalidServerCert: "string",
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
expiredServerCert: "string",
invalidServerCert: "string",
minAllowedSslVersion: "string",
ports: [0],
proxyAfterTcpHandshake: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedCert: "string",
untrustedServerCert: "string",
},
mapiOverHttps: "string",
name: "string",
objectFirewallSslsshprofileId: "string",
pop3s: {
allowInvalidServerCert: "string",
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
expiredServerCert: "string",
invalidServerCert: "string",
minAllowedSslVersion: "string",
ports: [0],
proxyAfterTcpHandshake: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedCert: "string",
untrustedServerCert: "string",
},
rpcOverHttps: "string",
scopetype: "string",
serverCert: "string",
serverCertMode: "string",
smtps: {
allowInvalidServerCert: "string",
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
expiredServerCert: "string",
invalidServerCert: "string",
minAllowedSslVersion: "string",
ports: [0],
proxyAfterTcpHandshake: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedCert: "string",
untrustedServerCert: "string",
},
ssh: {
inspectAll: "string",
ports: [0],
proxyAfterTcpHandshake: "string",
sshAlgorithm: "string",
sshPolicyCheck: "string",
sshTunPolicyCheck: "string",
status: "string",
unsupportedVersion: "string",
},
ssl: {
allowInvalidServerCert: "string",
certProbeFailure: "string",
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
encryptedClientHello: "string",
expiredServerCert: "string",
inspectAll: "string",
invalidServerCert: "string",
minAllowedSslVersion: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedCert: "string",
untrustedServerCert: "string",
},
sslAnomaliesLog: "string",
sslAnomalyLog: "string",
sslExemptionIpRating: "string",
sslExemptionLog: "string",
sslExemptionsLog: "string",
sslExempts: [{
address: "string",
address6: "string",
fortiguardCategories: ["string"],
id: 0,
regex: "string",
type: "string",
wildcardFqdns: ["string"],
}],
sslHandshakeLog: "string",
sslNegotiationLog: "string",
sslServerCertLog: "string",
sslServers: [{
ftpsClientCertRequest: "string",
ftpsClientCertificate: "string",
httpsClientCertRequest: "string",
httpsClientCertificate: "string",
id: 0,
imapsClientCertRequest: "string",
imapsClientCertificate: "string",
ip: "string",
pop3sClientCertRequest: "string",
pop3sClientCertificate: "string",
smtpsClientCertRequest: "string",
smtpsClientCertificate: "string",
sslOtherClientCertRequest: "string",
sslOtherClientCertificate: "string",
}],
supportedAlpn: "string",
untrustedCaname: "string",
useSslServer: "string",
whitelist: "string",
});
type: fortimanager:ObjectFirewallSslsshprofile
properties:
adom: string
allowlist: string
blockBlacklistedCertificates: string
blockBlocklistedCertificates: string
caname: string
comment: string
dot:
certValidationFailure: string
certValidationTimeout: string
clientCertificate: string
expiredServerCert: string
minAllowedSslVersion: string
proxyAfterTcpHandshake: string
quic: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedServerCert: string
dynamicSortSubtable: string
echOuterSnis:
- name: string
sni: string
ftps:
allowInvalidServerCert: string
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
expiredServerCert: string
invalidServerCert: string
minAllowedSslVersion: string
ports:
- 0
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedCert: string
untrustedServerCert: string
https:
allowInvalidServerCert: string
certProbeFailure: string
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
encryptedClientHello: string
expiredServerCert: string
invalidServerCert: string
minAllowedSslVersion: string
ports:
- 0
proxyAfterTcpHandshake: string
quic: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedCert: string
untrustedServerCert: string
imaps:
allowInvalidServerCert: string
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
expiredServerCert: string
invalidServerCert: string
minAllowedSslVersion: string
ports:
- 0
proxyAfterTcpHandshake: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedCert: string
untrustedServerCert: string
mapiOverHttps: string
name: string
objectFirewallSslsshprofileId: string
pop3s:
allowInvalidServerCert: string
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
expiredServerCert: string
invalidServerCert: string
minAllowedSslVersion: string
ports:
- 0
proxyAfterTcpHandshake: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedCert: string
untrustedServerCert: string
rpcOverHttps: string
scopetype: string
serverCert: string
serverCertMode: string
smtps:
allowInvalidServerCert: string
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
expiredServerCert: string
invalidServerCert: string
minAllowedSslVersion: string
ports:
- 0
proxyAfterTcpHandshake: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedCert: string
untrustedServerCert: string
ssh:
inspectAll: string
ports:
- 0
proxyAfterTcpHandshake: string
sshAlgorithm: string
sshPolicyCheck: string
sshTunPolicyCheck: string
status: string
unsupportedVersion: string
ssl:
allowInvalidServerCert: string
certProbeFailure: string
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
encryptedClientHello: string
expiredServerCert: string
inspectAll: string
invalidServerCert: string
minAllowedSslVersion: string
revokedServerCert: string
sniServerCertCheck: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedCert: string
untrustedServerCert: string
sslAnomaliesLog: string
sslAnomalyLog: string
sslExemptionIpRating: string
sslExemptionLog: string
sslExemptionsLog: string
sslExempts:
- address: string
address6: string
fortiguardCategories:
- string
id: 0
regex: string
type: string
wildcardFqdns:
- string
sslHandshakeLog: string
sslNegotiationLog: string
sslServerCertLog: string
sslServers:
- ftpsClientCertRequest: string
ftpsClientCertificate: string
httpsClientCertRequest: string
httpsClientCertificate: string
id: 0
imapsClientCertRequest: string
imapsClientCertificate: string
ip: string
pop3sClientCertRequest: string
pop3sClientCertificate: string
smtpsClientCertRequest: string
smtpsClientCertificate: string
sslOtherClientCertRequest: string
sslOtherClientCertificate: string
supportedAlpn: string
untrustedCaname: string
useSslServer: string
whitelist: string
ObjectFirewallSslsshprofile Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ObjectFirewallSslsshprofile resource accepts the following input properties:
- Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - Block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - Block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - Caname string
- CA certificate used by SSL Inspection.
- Comment string
- Optional comments.
- Dot
Object
Firewall Sslsshprofile Dot - Dot. The structure of
dotblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Ech
Outer List<ObjectSnis Firewall Sslsshprofile Ech Outer Sni> - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - Ftps
Object
Firewall Sslsshprofile Ftps - Ftps. The structure of
ftpsblock is documented below. - Https
Object
Firewall Sslsshprofile Https - Https. The structure of
httpsblock is documented below. - Imaps
Object
Firewall Sslsshprofile Imaps - Imaps. The structure of
imapsblock is documented below. - Mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - Name string
- Name.
- Object
Firewall stringSslsshprofile Id - an identifier for the resource with format {{name}}.
- Pop3s
Object
Firewall Sslsshprofile Pop3s - Pop3S. The structure of
pop3sblock is documented below. - Rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- Server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - Smtps
Object
Firewall Sslsshprofile Smtps - Smtps. The structure of
smtpsblock is documented below. - Ssh
Object
Firewall Sslsshprofile Ssh - Ssh. The structure of
sshblock is documented below. - Ssl
Object
Firewall Sslsshprofile Ssl - Ssl. The structure of
sslblock is documented below. - Ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - Ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exempts List<ObjectFirewall Sslsshprofile Ssl Exempt> - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - Ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - Ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - Ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - Ssl
Servers List<ObjectFirewall Sslsshprofile Ssl Server> - Ssl-Server. The structure of
ssl_serverblock is documented below. - Supported
Alpn string - Configure ALPN option. Valid values:
none,http1-1,http2,all. - Untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- Use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - Whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
- Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - Block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - Block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - Caname string
- CA certificate used by SSL Inspection.
- Comment string
- Optional comments.
- Dot
Object
Firewall Sslsshprofile Dot Type Args - Dot. The structure of
dotblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Ech
Outer []ObjectSnis Firewall Sslsshprofile Ech Outer Sni Type Args - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - Ftps
Object
Firewall Sslsshprofile Ftps Type Args - Ftps. The structure of
ftpsblock is documented below. - Https
Object
Firewall Sslsshprofile Https Type Args - Https. The structure of
httpsblock is documented below. - Imaps
Object
Firewall Sslsshprofile Imaps Type Args - Imaps. The structure of
imapsblock is documented below. - Mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - Name string
- Name.
- Object
Firewall stringSslsshprofile Id - an identifier for the resource with format {{name}}.
- Pop3s
Object
Firewall Sslsshprofile Pop3s Type Args - Pop3S. The structure of
pop3sblock is documented below. - Rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- Server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - Smtps
Object
Firewall Sslsshprofile Smtps Type Args - Smtps. The structure of
smtpsblock is documented below. - Ssh
Object
Firewall Sslsshprofile Ssh Type Args - Ssh. The structure of
sshblock is documented below. - Ssl
Object
Firewall Sslsshprofile Ssl Type Args - Ssl. The structure of
sslblock is documented below. - Ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - Ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exempts []ObjectFirewall Sslsshprofile Ssl Exempt Type Args - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - Ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - Ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - Ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - Ssl
Servers []ObjectFirewall Sslsshprofile Ssl Server Type Args - Ssl-Server. The structure of
ssl_serverblock is documented below. - Supported
Alpn string - Configure ALPN option. Valid values:
none,http1-1,http2,all. - Untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- Use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - Whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
- adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - allowlist String
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - block
Blacklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname String
- CA certificate used by SSL Inspection.
- comment String
- Optional comments.
- dot
Object
Firewall Sslsshprofile Dot - Dot. The structure of
dotblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- ech
Outer List<ObjectSnis Firewall Sslsshprofile Ech Outer Sni> - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - ftps
Object
Firewall Sslsshprofile Ftps - Ftps. The structure of
ftpsblock is documented below. - https
Object
Firewall Sslsshprofile Https - Https. The structure of
httpsblock is documented below. - imaps
Object
Firewall Sslsshprofile Imaps - Imaps. The structure of
imapsblock is documented below. - mapi
Over StringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - name String
- Name.
- object
Firewall StringSslsshprofile Id - an identifier for the resource with format {{name}}.
- pop3s
Object
Firewall Sslsshprofile Pop3s - Pop3S. The structure of
pop3sblock is documented below. - rpc
Over StringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Cert String - Certificate used by SSL Inspection to replace server certificate.
- server
Cert StringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Object
Firewall Sslsshprofile Smtps - Smtps. The structure of
smtpsblock is documented below. - ssh
Object
Firewall Sslsshprofile Ssh - Ssh. The structure of
sshblock is documented below. - ssl
Object
Firewall Sslsshprofile Ssl - Ssl. The structure of
sslblock is documented below. - ssl
Anomalies StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption StringIp Rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - ssl
Exemption StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts List<ObjectFirewall Sslsshprofile Ssl Exempt> - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - ssl
Handshake StringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation StringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server StringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers List<ObjectFirewall Sslsshprofile Ssl Server> - Ssl-Server. The structure of
ssl_serverblock is documented below. - supported
Alpn String - Configure ALPN option. Valid values:
none,http1-1,http2,all. - untrusted
Caname String - Untrusted CA certificate used by SSL Inspection.
- use
Ssl StringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - whitelist String
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
- adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname string
- CA certificate used by SSL Inspection.
- comment string
- Optional comments.
- dot
Object
Firewall Sslsshprofile Dot - Dot. The structure of
dotblock is documented below. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- ech
Outer ObjectSnis Firewall Sslsshprofile Ech Outer Sni[] - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - ftps
Object
Firewall Sslsshprofile Ftps - Ftps. The structure of
ftpsblock is documented below. - https
Object
Firewall Sslsshprofile Https - Https. The structure of
httpsblock is documented below. - imaps
Object
Firewall Sslsshprofile Imaps - Imaps. The structure of
imapsblock is documented below. - mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - name string
- Name.
- object
Firewall stringSslsshprofile Id - an identifier for the resource with format {{name}}.
- pop3s
Object
Firewall Sslsshprofile Pop3s - Pop3S. The structure of
pop3sblock is documented below. - rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Object
Firewall Sslsshprofile Smtps - Smtps. The structure of
smtpsblock is documented below. - ssh
Object
Firewall Sslsshprofile Ssh - Ssh. The structure of
sshblock is documented below. - ssl
Object
Firewall Sslsshprofile Ssl - Ssl. The structure of
sslblock is documented below. - ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts ObjectFirewall Sslsshprofile Ssl Exempt[] - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers ObjectFirewall Sslsshprofile Ssl Server[] - Ssl-Server. The structure of
ssl_serverblock is documented below. - supported
Alpn string - Configure ALPN option. Valid values:
none,http1-1,http2,all. - untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
- adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - allowlist str
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - block_
blacklisted_ strcertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block_
blocklisted_ strcertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname str
- CA certificate used by SSL Inspection.
- comment str
- Optional comments.
- dot
Object
Firewall Sslsshprofile Dot Args - Dot. The structure of
dotblock is documented below. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- ech_
outer_ Sequence[Objectsnis Firewall Sslsshprofile Ech Outer Sni Args] - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - ftps
Object
Firewall Sslsshprofile Ftps Args - Ftps. The structure of
ftpsblock is documented below. - https
Object
Firewall Sslsshprofile Https Args - Https. The structure of
httpsblock is documented below. - imaps
Object
Firewall Sslsshprofile Imaps Args - Imaps. The structure of
imapsblock is documented below. - mapi_
over_ strhttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - name str
- Name.
- object_
firewall_ strsslsshprofile_ id - an identifier for the resource with format {{name}}.
- pop3s
Object
Firewall Sslsshprofile Pop3s Args - Pop3S. The structure of
pop3sblock is documented below. - rpc_
over_ strhttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server_
cert str - Certificate used by SSL Inspection to replace server certificate.
- server_
cert_ strmode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Object
Firewall Sslsshprofile Smtps Args - Smtps. The structure of
smtpsblock is documented below. - ssh
Object
Firewall Sslsshprofile Ssh Args - Ssh. The structure of
sshblock is documented below. - ssl
Object
Firewall Sslsshprofile Ssl Args - Ssl. The structure of
sslblock is documented below. - ssl_
anomalies_ strlog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl_
anomaly_ strlog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl_
exemption_ strip_ rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - ssl_
exemption_ strlog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl_
exemptions_ strlog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl_
exempts Sequence[ObjectFirewall Sslsshprofile Ssl Exempt Args] - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - ssl_
handshake_ strlog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl_
negotiation_ strlog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl_
server_ strcert_ log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl_
servers Sequence[ObjectFirewall Sslsshprofile Ssl Server Args] - Ssl-Server. The structure of
ssl_serverblock is documented below. - supported_
alpn str - Configure ALPN option. Valid values:
none,http1-1,http2,all. - untrusted_
caname str - Untrusted CA certificate used by SSL Inspection.
- use_
ssl_ strserver - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - whitelist str
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
- adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - allowlist String
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - block
Blacklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname String
- CA certificate used by SSL Inspection.
- comment String
- Optional comments.
- dot Property Map
- Dot. The structure of
dotblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- ech
Outer List<Property Map>Snis - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - ftps Property Map
- Ftps. The structure of
ftpsblock is documented below. - https Property Map
- Https. The structure of
httpsblock is documented below. - imaps Property Map
- Imaps. The structure of
imapsblock is documented below. - mapi
Over StringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - name String
- Name.
- object
Firewall StringSslsshprofile Id - an identifier for the resource with format {{name}}.
- pop3s Property Map
- Pop3S. The structure of
pop3sblock is documented below. - rpc
Over StringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Cert String - Certificate used by SSL Inspection to replace server certificate.
- server
Cert StringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps Property Map
- Smtps. The structure of
smtpsblock is documented below. - ssh Property Map
- Ssh. The structure of
sshblock is documented below. - ssl Property Map
- Ssl. The structure of
sslblock is documented below. - ssl
Anomalies StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption StringIp Rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - ssl
Exemption StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts List<Property Map> - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - ssl
Handshake StringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation StringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server StringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers List<Property Map> - Ssl-Server. The structure of
ssl_serverblock is documented below. - supported
Alpn String - Configure ALPN option. Valid values:
none,http1-1,http2,all. - untrusted
Caname String - Untrusted CA certificate used by SSL Inspection.
- use
Ssl StringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - whitelist String
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectFirewallSslsshprofile resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectFirewallSslsshprofile Resource
Get an existing ObjectFirewallSslsshprofile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectFirewallSslsshprofileState, opts?: CustomResourceOptions): ObjectFirewallSslsshprofile@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
adom: Optional[str] = None,
allowlist: Optional[str] = None,
block_blacklisted_certificates: Optional[str] = None,
block_blocklisted_certificates: Optional[str] = None,
caname: Optional[str] = None,
comment: Optional[str] = None,
dot: Optional[ObjectFirewallSslsshprofileDotArgs] = None,
dynamic_sort_subtable: Optional[str] = None,
ech_outer_snis: Optional[Sequence[ObjectFirewallSslsshprofileEchOuterSniArgs]] = None,
ftps: Optional[ObjectFirewallSslsshprofileFtpsArgs] = None,
https: Optional[ObjectFirewallSslsshprofileHttpsArgs] = None,
imaps: Optional[ObjectFirewallSslsshprofileImapsArgs] = None,
mapi_over_https: Optional[str] = None,
name: Optional[str] = None,
object_firewall_sslsshprofile_id: Optional[str] = None,
pop3s: Optional[ObjectFirewallSslsshprofilePop3sArgs] = None,
rpc_over_https: Optional[str] = None,
scopetype: Optional[str] = None,
server_cert: Optional[str] = None,
server_cert_mode: Optional[str] = None,
smtps: Optional[ObjectFirewallSslsshprofileSmtpsArgs] = None,
ssh: Optional[ObjectFirewallSslsshprofileSshArgs] = None,
ssl: Optional[ObjectFirewallSslsshprofileSslArgs] = None,
ssl_anomalies_log: Optional[str] = None,
ssl_anomaly_log: Optional[str] = None,
ssl_exemption_ip_rating: Optional[str] = None,
ssl_exemption_log: Optional[str] = None,
ssl_exemptions_log: Optional[str] = None,
ssl_exempts: Optional[Sequence[ObjectFirewallSslsshprofileSslExemptArgs]] = None,
ssl_handshake_log: Optional[str] = None,
ssl_negotiation_log: Optional[str] = None,
ssl_server_cert_log: Optional[str] = None,
ssl_servers: Optional[Sequence[ObjectFirewallSslsshprofileSslServerArgs]] = None,
supported_alpn: Optional[str] = None,
untrusted_caname: Optional[str] = None,
use_ssl_server: Optional[str] = None,
whitelist: Optional[str] = None) -> ObjectFirewallSslsshprofilefunc GetObjectFirewallSslsshprofile(ctx *Context, name string, id IDInput, state *ObjectFirewallSslsshprofileState, opts ...ResourceOption) (*ObjectFirewallSslsshprofile, error)public static ObjectFirewallSslsshprofile Get(string name, Input<string> id, ObjectFirewallSslsshprofileState? state, CustomResourceOptions? opts = null)public static ObjectFirewallSslsshprofile get(String name, Output<String> id, ObjectFirewallSslsshprofileState state, CustomResourceOptions options)resources: _: type: fortimanager:ObjectFirewallSslsshprofile get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - Block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - Block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - Caname string
- CA certificate used by SSL Inspection.
- Comment string
- Optional comments.
- Dot
Object
Firewall Sslsshprofile Dot - Dot. The structure of
dotblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Ech
Outer List<ObjectSnis Firewall Sslsshprofile Ech Outer Sni> - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - Ftps
Object
Firewall Sslsshprofile Ftps - Ftps. The structure of
ftpsblock is documented below. - Https
Object
Firewall Sslsshprofile Https - Https. The structure of
httpsblock is documented below. - Imaps
Object
Firewall Sslsshprofile Imaps - Imaps. The structure of
imapsblock is documented below. - Mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - Name string
- Name.
- Object
Firewall stringSslsshprofile Id - an identifier for the resource with format {{name}}.
- Pop3s
Object
Firewall Sslsshprofile Pop3s - Pop3S. The structure of
pop3sblock is documented below. - Rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- Server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - Smtps
Object
Firewall Sslsshprofile Smtps - Smtps. The structure of
smtpsblock is documented below. - Ssh
Object
Firewall Sslsshprofile Ssh - Ssh. The structure of
sshblock is documented below. - Ssl
Object
Firewall Sslsshprofile Ssl - Ssl. The structure of
sslblock is documented below. - Ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - Ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exempts List<ObjectFirewall Sslsshprofile Ssl Exempt> - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - Ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - Ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - Ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - Ssl
Servers List<ObjectFirewall Sslsshprofile Ssl Server> - Ssl-Server. The structure of
ssl_serverblock is documented below. - Supported
Alpn string - Configure ALPN option. Valid values:
none,http1-1,http2,all. - Untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- Use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - Whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
- Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - Block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - Block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - Caname string
- CA certificate used by SSL Inspection.
- Comment string
- Optional comments.
- Dot
Object
Firewall Sslsshprofile Dot Type Args - Dot. The structure of
dotblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Ech
Outer []ObjectSnis Firewall Sslsshprofile Ech Outer Sni Type Args - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - Ftps
Object
Firewall Sslsshprofile Ftps Type Args - Ftps. The structure of
ftpsblock is documented below. - Https
Object
Firewall Sslsshprofile Https Type Args - Https. The structure of
httpsblock is documented below. - Imaps
Object
Firewall Sslsshprofile Imaps Type Args - Imaps. The structure of
imapsblock is documented below. - Mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - Name string
- Name.
- Object
Firewall stringSslsshprofile Id - an identifier for the resource with format {{name}}.
- Pop3s
Object
Firewall Sslsshprofile Pop3s Type Args - Pop3S. The structure of
pop3sblock is documented below. - Rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- Server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - Smtps
Object
Firewall Sslsshprofile Smtps Type Args - Smtps. The structure of
smtpsblock is documented below. - Ssh
Object
Firewall Sslsshprofile Ssh Type Args - Ssh. The structure of
sshblock is documented below. - Ssl
Object
Firewall Sslsshprofile Ssl Type Args - Ssl. The structure of
sslblock is documented below. - Ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - Ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exempts []ObjectFirewall Sslsshprofile Ssl Exempt Type Args - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - Ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - Ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - Ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - Ssl
Servers []ObjectFirewall Sslsshprofile Ssl Server Type Args - Ssl-Server. The structure of
ssl_serverblock is documented below. - Supported
Alpn string - Configure ALPN option. Valid values:
none,http1-1,http2,all. - Untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- Use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - Whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
- adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - allowlist String
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - block
Blacklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname String
- CA certificate used by SSL Inspection.
- comment String
- Optional comments.
- dot
Object
Firewall Sslsshprofile Dot - Dot. The structure of
dotblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- ech
Outer List<ObjectSnis Firewall Sslsshprofile Ech Outer Sni> - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - ftps
Object
Firewall Sslsshprofile Ftps - Ftps. The structure of
ftpsblock is documented below. - https
Object
Firewall Sslsshprofile Https - Https. The structure of
httpsblock is documented below. - imaps
Object
Firewall Sslsshprofile Imaps - Imaps. The structure of
imapsblock is documented below. - mapi
Over StringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - name String
- Name.
- object
Firewall StringSslsshprofile Id - an identifier for the resource with format {{name}}.
- pop3s
Object
Firewall Sslsshprofile Pop3s - Pop3S. The structure of
pop3sblock is documented below. - rpc
Over StringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Cert String - Certificate used by SSL Inspection to replace server certificate.
- server
Cert StringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Object
Firewall Sslsshprofile Smtps - Smtps. The structure of
smtpsblock is documented below. - ssh
Object
Firewall Sslsshprofile Ssh - Ssh. The structure of
sshblock is documented below. - ssl
Object
Firewall Sslsshprofile Ssl - Ssl. The structure of
sslblock is documented below. - ssl
Anomalies StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption StringIp Rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - ssl
Exemption StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts List<ObjectFirewall Sslsshprofile Ssl Exempt> - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - ssl
Handshake StringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation StringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server StringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers List<ObjectFirewall Sslsshprofile Ssl Server> - Ssl-Server. The structure of
ssl_serverblock is documented below. - supported
Alpn String - Configure ALPN option. Valid values:
none,http1-1,http2,all. - untrusted
Caname String - Untrusted CA certificate used by SSL Inspection.
- use
Ssl StringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - whitelist String
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
- adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname string
- CA certificate used by SSL Inspection.
- comment string
- Optional comments.
- dot
Object
Firewall Sslsshprofile Dot - Dot. The structure of
dotblock is documented below. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- ech
Outer ObjectSnis Firewall Sslsshprofile Ech Outer Sni[] - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - ftps
Object
Firewall Sslsshprofile Ftps - Ftps. The structure of
ftpsblock is documented below. - https
Object
Firewall Sslsshprofile Https - Https. The structure of
httpsblock is documented below. - imaps
Object
Firewall Sslsshprofile Imaps - Imaps. The structure of
imapsblock is documented below. - mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - name string
- Name.
- object
Firewall stringSslsshprofile Id - an identifier for the resource with format {{name}}.
- pop3s
Object
Firewall Sslsshprofile Pop3s - Pop3S. The structure of
pop3sblock is documented below. - rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Object
Firewall Sslsshprofile Smtps - Smtps. The structure of
smtpsblock is documented below. - ssh
Object
Firewall Sslsshprofile Ssh - Ssh. The structure of
sshblock is documented below. - ssl
Object
Firewall Sslsshprofile Ssl - Ssl. The structure of
sslblock is documented below. - ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts ObjectFirewall Sslsshprofile Ssl Exempt[] - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers ObjectFirewall Sslsshprofile Ssl Server[] - Ssl-Server. The structure of
ssl_serverblock is documented below. - supported
Alpn string - Configure ALPN option. Valid values:
none,http1-1,http2,all. - untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
- adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - allowlist str
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - block_
blacklisted_ strcertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block_
blocklisted_ strcertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname str
- CA certificate used by SSL Inspection.
- comment str
- Optional comments.
- dot
Object
Firewall Sslsshprofile Dot Args - Dot. The structure of
dotblock is documented below. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- ech_
outer_ Sequence[Objectsnis Firewall Sslsshprofile Ech Outer Sni Args] - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - ftps
Object
Firewall Sslsshprofile Ftps Args - Ftps. The structure of
ftpsblock is documented below. - https
Object
Firewall Sslsshprofile Https Args - Https. The structure of
httpsblock is documented below. - imaps
Object
Firewall Sslsshprofile Imaps Args - Imaps. The structure of
imapsblock is documented below. - mapi_
over_ strhttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - name str
- Name.
- object_
firewall_ strsslsshprofile_ id - an identifier for the resource with format {{name}}.
- pop3s
Object
Firewall Sslsshprofile Pop3s Args - Pop3S. The structure of
pop3sblock is documented below. - rpc_
over_ strhttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server_
cert str - Certificate used by SSL Inspection to replace server certificate.
- server_
cert_ strmode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Object
Firewall Sslsshprofile Smtps Args - Smtps. The structure of
smtpsblock is documented below. - ssh
Object
Firewall Sslsshprofile Ssh Args - Ssh. The structure of
sshblock is documented below. - ssl
Object
Firewall Sslsshprofile Ssl Args - Ssl. The structure of
sslblock is documented below. - ssl_
anomalies_ strlog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl_
anomaly_ strlog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl_
exemption_ strip_ rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - ssl_
exemption_ strlog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl_
exemptions_ strlog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl_
exempts Sequence[ObjectFirewall Sslsshprofile Ssl Exempt Args] - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - ssl_
handshake_ strlog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl_
negotiation_ strlog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl_
server_ strcert_ log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl_
servers Sequence[ObjectFirewall Sslsshprofile Ssl Server Args] - Ssl-Server. The structure of
ssl_serverblock is documented below. - supported_
alpn str - Configure ALPN option. Valid values:
none,http1-1,http2,all. - untrusted_
caname str - Untrusted CA certificate used by SSL Inspection.
- use_
ssl_ strserver - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - whitelist str
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
- adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - allowlist String
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
disable,enable. - block
Blacklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname String
- CA certificate used by SSL Inspection.
- comment String
- Optional comments.
- dot Property Map
- Dot. The structure of
dotblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- ech
Outer List<Property Map>Snis - Ech-Outer-Sni. The structure of
ech_outer_sniblock is documented below. - ftps Property Map
- Ftps. The structure of
ftpsblock is documented below. - https Property Map
- Https. The structure of
httpsblock is documented below. - imaps Property Map
- Imaps. The structure of
imapsblock is documented below. - mapi
Over StringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
disable,enable. - name String
- Name.
- object
Firewall StringSslsshprofile Id - an identifier for the resource with format {{name}}.
- pop3s Property Map
- Pop3S. The structure of
pop3sblock is documented below. - rpc
Over StringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
disable,enable. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Cert String - Certificate used by SSL Inspection to replace server certificate.
- server
Cert StringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps Property Map
- Smtps. The structure of
smtpsblock is documented below. - ssh Property Map
- Ssh. The structure of
sshblock is documented below. - ssl Property Map
- Ssl. The structure of
sslblock is documented below. - ssl
Anomalies StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption StringIp Rating - Enable/disable IP based URL rating. Valid values:
disable,enable. - ssl
Exemption StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts List<Property Map> - Ssl-Exempt. The structure of
ssl_exemptblock is documented below. - ssl
Handshake StringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation StringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server StringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers List<Property Map> - Ssl-Server. The structure of
ssl_serverblock is documented below. - supported
Alpn String - Configure ALPN option. Valid values:
none,http1-1,http2,all. - untrusted
Caname String - Untrusted CA certificate used by SSL Inspection.
- use
Ssl StringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - whitelist String
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
disable,enable.
Supporting Types
ObjectFirewallSslsshprofileDot, ObjectFirewallSslsshprofileDotArgs
, ObjectFirewallSslsshprofileDotArgs
- Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Min
Allowed stringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - Quic string
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
block,allow. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
block,allow. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Min
Allowed stringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - Quic string
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
block,allow. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
block,allow. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - min
Allowed StringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - quic String
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
block,allow. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
block,allow. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - min
Allowed stringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - quic string
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
block,allow. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
block,allow. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - min_
allowed_ strssl_ version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - proxy_
after_ strtcp_ handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - quic str
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status str
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
block,allow. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
block,allow. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted_
server_ strcert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - min
Allowed StringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - quic String
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
block,allow. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
block,allow. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
ObjectFirewallSslsshprofileEchOuterSni, ObjectFirewallSslsshprofileEchOuterSniArgs
, ObjectFirewallSslsshprofileEchOuterSniArgs
ObjectFirewallSslsshprofileFtps, ObjectFirewallSslsshprofileFtpsArgs
, ObjectFirewallSslsshprofileFtpsArgs
- Allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports List<double>
- Ports to use for scanning (1 - 65535, default = 443).
- Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- Allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports []float64
- Ports to use for scanning (1 - 65535, default = 443).
- Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid StringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports List<Double>
- Ports to use for scanning (1 - 65535, default = 443).
- revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert String - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports number[]
- Ports to use for scanning (1 - 65535, default = 443).
- revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow_
invalid_ strserver_ cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
cert_ strrequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid_
server_ strcert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min_
allowed_ strssl_ version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports Sequence[float]
- Ports to use for scanning (1 - 65535, default = 443).
- revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status str
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported_
ssl str - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted_
cert str - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted_
server_ strcert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid StringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports List<Number>
- Ports to use for scanning (1 - 65535, default = 443).
- revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert String - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
ObjectFirewallSslsshprofileHttps, ObjectFirewallSslsshprofileHttpsArgs
, ObjectFirewallSslsshprofileHttpsArgs
- Allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - Cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
block,allow. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports List<double>
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - Quic string
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - Status string
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- Allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - Cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
block,allow. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports []float64
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - Quic string
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - Status string
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid StringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Probe StringFailure - Action based on certificate probe failure. Valid values:
block,allow. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client StringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports List<Double>
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - quic String
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status String
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert String - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
block,allow. - cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports number[]
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - quic string
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status string
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow_
invalid_ strserver_ cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert_
probe_ strfailure - Action based on certificate probe failure. Valid values:
block,allow. - cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
cert_ strrequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted_
client_ strhello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid_
server_ strcert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min_
allowed_ strssl_ version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports Sequence[float]
- Ports to use for scanning (1 - 65535, default = 443).
- proxy_
after_ strtcp_ handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - quic str
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status str
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - unsupported_
ssl str - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted_
cert str - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted_
server_ strcert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid StringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Probe StringFailure - Action based on certificate probe failure. Valid values:
block,allow. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client StringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports List<Number>
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - quic String
- Enable/disable QUIC inspection (default = disable). Valid values:
disable,enable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status String
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert String - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
ObjectFirewallSslsshprofileImaps, ObjectFirewallSslsshprofileImapsArgs
, ObjectFirewallSslsshprofileImapsArgs
- Allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports List<double>
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- Allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports []float64
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid StringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports List<Double>
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert String - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed stringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports number[]
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow_
invalid_ strserver_ cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
cert_ strrequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid_
server_ strcert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min_
allowed_ strssl_ version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports Sequence[float]
- Ports to use for scanning (1 - 65535, default = 443).
- proxy_
after_ strtcp_ handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status str
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported_
ssl str - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted_
cert str - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted_
server_ strcert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid StringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports List<Number>
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert String - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
ObjectFirewallSslsshprofilePop3s, ObjectFirewallSslsshprofilePop3sArgs
, ObjectFirewallSslsshprofilePop3sArgs
- Allow
Invalid stringServer Cert - Cert
Validation stringFailure - Cert
Validation stringTimeout - Client
Cert stringRequest - Client
Certificate string - Expired
Server stringCert - Invalid
Server stringCert - Min
Allowed stringSsl Version - Ports List<double>
- Proxy
After stringTcp Handshake - Revoked
Server stringCert - Sni
Server stringCert Check - Status string
- Unsupported
Ssl string - Unsupported
Ssl stringCipher - Unsupported
Ssl stringNegotiation - Unsupported
Ssl stringVersion - Untrusted
Cert string - Untrusted
Server stringCert
- Allow
Invalid stringServer Cert - Cert
Validation stringFailure - Cert
Validation stringTimeout - Client
Cert stringRequest - Client
Certificate string - Expired
Server stringCert - Invalid
Server stringCert - Min
Allowed stringSsl Version - Ports []float64
- Proxy
After stringTcp Handshake - Revoked
Server stringCert - Sni
Server stringCert Check - Status string
- Unsupported
Ssl string - Unsupported
Ssl stringCipher - Unsupported
Ssl stringNegotiation - Unsupported
Ssl stringVersion - Untrusted
Cert string - Untrusted
Server stringCert
- allow
Invalid StringServer Cert - cert
Validation StringFailure - cert
Validation StringTimeout - client
Cert StringRequest - client
Certificate String - expired
Server StringCert - invalid
Server StringCert - min
Allowed StringSsl Version - ports List<Double>
- proxy
After StringTcp Handshake - revoked
Server StringCert - sni
Server StringCert Check - status String
- unsupported
Ssl String - unsupported
Ssl StringCipher - unsupported
Ssl StringNegotiation - unsupported
Ssl StringVersion - untrusted
Cert String - untrusted
Server StringCert
- allow
Invalid stringServer Cert - cert
Validation stringFailure - cert
Validation stringTimeout - client
Cert stringRequest - client
Certificate string - expired
Server stringCert - invalid
Server stringCert - min
Allowed stringSsl Version - ports number[]
- proxy
After stringTcp Handshake - revoked
Server stringCert - sni
Server stringCert Check - status string
- unsupported
Ssl string - unsupported
Ssl stringCipher - unsupported
Ssl stringNegotiation - unsupported
Ssl stringVersion - untrusted
Cert string - untrusted
Server stringCert
- allow_
invalid_ strserver_ cert - cert_
validation_ strfailure - cert_
validation_ strtimeout - client_
cert_ strrequest - client_
certificate str - expired_
server_ strcert - invalid_
server_ strcert - min_
allowed_ strssl_ version - ports Sequence[float]
- proxy_
after_ strtcp_ handshake - revoked_
server_ strcert - sni_
server_ strcert_ check - status str
- unsupported_
ssl str - unsupported_
ssl_ strcipher - unsupported_
ssl_ strnegotiation - unsupported_
ssl_ strversion - untrusted_
cert str - untrusted_
server_ strcert
- allow
Invalid StringServer Cert - cert
Validation StringFailure - cert
Validation StringTimeout - client
Cert StringRequest - client
Certificate String - expired
Server StringCert - invalid
Server StringCert - min
Allowed StringSsl Version - ports List<Number>
- proxy
After StringTcp Handshake - revoked
Server StringCert - sni
Server StringCert Check - status String
- unsupported
Ssl String - unsupported
Ssl StringCipher - unsupported
Ssl StringNegotiation - unsupported
Ssl StringVersion - untrusted
Cert String - untrusted
Server StringCert
ObjectFirewallSslsshprofileSmtps, ObjectFirewallSslsshprofileSmtpsArgs
, ObjectFirewallSslsshprofileSmtpsArgs
- Allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports List<double>
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- Allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports []float64
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid StringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports List<Double>
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert String - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed stringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports number[]
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow_
invalid_ strserver_ cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
cert_ strrequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid_
server_ strcert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min_
allowed_ strssl_ version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports Sequence[float]
- Ports to use for scanning (1 - 65535, default = 443).
- proxy_
after_ strtcp_ handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status str
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported_
ssl str - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted_
cert str - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted_
server_ strcert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid StringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Min-Allowed-Ssl-Version. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports List<Number>
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert String - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
ObjectFirewallSslsshprofileSsh, ObjectFirewallSslsshprofileSshArgs
, ObjectFirewallSslsshprofileSshArgs
- Inspect
All string - Level of SSL inspection. Valid values:
disable,deep-inspection. - Ports List<double>
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - Ssh
Algorithm string - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - Ssh
Policy stringCheck - Enable/disable SSH policy check. Valid values:
disable,enable. - Ssh
Tun stringPolicy Check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Version string - Action based on SSH version being unsupported. Valid values:
block,bypass.
- Inspect
All string - Level of SSL inspection. Valid values:
disable,deep-inspection. - Ports []float64
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - Ssh
Algorithm string - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - Ssh
Policy stringCheck - Enable/disable SSH policy check. Valid values:
disable,enable. - Ssh
Tun stringPolicy Check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Version string - Action based on SSH version being unsupported. Valid values:
block,bypass.
- inspect
All String - Level of SSL inspection. Valid values:
disable,deep-inspection. - ports List<Double>
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - ssh
Algorithm String - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - ssh
Policy StringCheck - Enable/disable SSH policy check. Valid values:
disable,enable. - ssh
Tun StringPolicy Check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Version String - Action based on SSH version being unsupported. Valid values:
block,bypass.
- inspect
All string - Level of SSL inspection. Valid values:
disable,deep-inspection. - ports number[]
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - ssh
Algorithm string - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - ssh
Policy stringCheck - Enable/disable SSH policy check. Valid values:
disable,enable. - ssh
Tun stringPolicy Check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Version string - Action based on SSH version being unsupported. Valid values:
block,bypass.
- inspect_
all str - Level of SSL inspection. Valid values:
disable,deep-inspection. - ports Sequence[float]
- Ports to use for scanning (1 - 65535, default = 443).
- proxy_
after_ strtcp_ handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - ssh_
algorithm str - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - ssh_
policy_ strcheck - Enable/disable SSH policy check. Valid values:
disable,enable. - ssh_
tun_ strpolicy_ check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - status str
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported_
version str - Action based on SSH version being unsupported. Valid values:
block,bypass.
- inspect
All String - Level of SSL inspection. Valid values:
disable,deep-inspection. - ports List<Number>
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
disable,enable. - ssh
Algorithm String - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - ssh
Policy StringCheck - Enable/disable SSH policy check. Valid values:
disable,enable. - ssh
Tun StringPolicy Check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Version String - Action based on SSH version being unsupported. Valid values:
block,bypass.
ObjectFirewallSslsshprofileSsl, ObjectFirewallSslsshprofileSslArgs
, ObjectFirewallSslsshprofileSslArgs
- Allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - Cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
block,allow. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Inspect
All string - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- Allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - Cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
block,allow. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Inspect
All string - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - Untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid StringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Probe StringFailure - Action based on certificate probe failure. Valid values:
block,allow. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client StringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - inspect
All String - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert String - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid stringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
block,allow. - cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - inspect
All string - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert string - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow_
invalid_ strserver_ cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert_
probe_ strfailure - Action based on certificate probe failure. Valid values:
block,allow. - cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
cert_ strrequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted_
client_ strhello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - inspect_
all str - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - invalid_
server_ strcert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min_
allowed_ strssl_ version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - unsupported_
ssl str - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted_
cert str - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted_
server_ strcert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- allow
Invalid StringServer Cert - When enabled, allows SSL sessions whose server certificate validation failed. Valid values:
disable,enable. - cert
Probe StringFailure - Action based on certificate probe failure. Valid values:
block,allow. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client StringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
block,allow. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - inspect
All String - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
disable,enable,strict. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported. Valid values:
block,allow,inspect. - untrusted
Cert String - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore. - untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
ObjectFirewallSslsshprofileSslExempt, ObjectFirewallSslsshprofileSslExemptArgs
, ObjectFirewallSslsshprofileSslExemptArgs
- Address string
- IPv4 address object.
- Address6 string
- IPv6 address object.
- Fortiguard
Categories List<string> - FortiGuard category ID.
- Id double
- ID number.
- Regex string
- Exempt servers by regular expression.
- Type string
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - Wildcard
Fqdns List<string> - Exempt servers by wildcard FQDN.
- Address string
- IPv4 address object.
- Address6 string
- IPv6 address object.
- Fortiguard
Categories []string - FortiGuard category ID.
- Id float64
- ID number.
- Regex string
- Exempt servers by regular expression.
- Type string
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - Wildcard
Fqdns []string - Exempt servers by wildcard FQDN.
- address String
- IPv4 address object.
- address6 String
- IPv6 address object.
- fortiguard
Categories List<String> - FortiGuard category ID.
- id Double
- ID number.
- regex String
- Exempt servers by regular expression.
- type String
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - wildcard
Fqdns List<String> - Exempt servers by wildcard FQDN.
- address string
- IPv4 address object.
- address6 string
- IPv6 address object.
- fortiguard
Categories string[] - FortiGuard category ID.
- id number
- ID number.
- regex string
- Exempt servers by regular expression.
- type string
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - wildcard
Fqdns string[] - Exempt servers by wildcard FQDN.
- address str
- IPv4 address object.
- address6 str
- IPv6 address object.
- fortiguard_
categories Sequence[str] - FortiGuard category ID.
- id float
- ID number.
- regex str
- Exempt servers by regular expression.
- type str
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - wildcard_
fqdns Sequence[str] - Exempt servers by wildcard FQDN.
- address String
- IPv4 address object.
- address6 String
- IPv6 address object.
- fortiguard
Categories List<String> - FortiGuard category ID.
- id Number
- ID number.
- regex String
- Exempt servers by regular expression.
- type String
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - wildcard
Fqdns List<String> - Exempt servers by wildcard FQDN.
ObjectFirewallSslsshprofileSslServer, ObjectFirewallSslsshprofileSslServerArgs
, ObjectFirewallSslsshprofileSslServerArgs
- Ftps
Client stringCert Request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - Ftps
Client stringCertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - Https
Client stringCert Request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - Https
Client stringCertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - Id double
- SSL server ID.
- Imaps
Client stringCert Request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - Imaps
Client stringCertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - Ip string
- IPv4 address of the SSL server.
- Pop3s
Client stringCert Request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - Pop3s
Client stringCertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - Smtps
Client stringCert Request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - Smtps
Client stringCertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - Ssl
Other stringClient Cert Request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - Ssl
Other stringClient Certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
- Ftps
Client stringCert Request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - Ftps
Client stringCertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - Https
Client stringCert Request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - Https
Client stringCertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - Id float64
- SSL server ID.
- Imaps
Client stringCert Request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - Imaps
Client stringCertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - Ip string
- IPv4 address of the SSL server.
- Pop3s
Client stringCert Request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - Pop3s
Client stringCertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - Smtps
Client stringCert Request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - Smtps
Client stringCertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - Ssl
Other stringClient Cert Request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - Ssl
Other stringClient Certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
- ftps
Client StringCert Request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - ftps
Client StringCertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - https
Client StringCert Request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - https
Client StringCertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - id Double
- SSL server ID.
- imaps
Client StringCert Request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - imaps
Client StringCertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - ip String
- IPv4 address of the SSL server.
- pop3s
Client StringCert Request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - pop3s
Client StringCertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - smtps
Client StringCert Request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - smtps
Client StringCertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - ssl
Other StringClient Cert Request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - ssl
Other StringClient Certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
- ftps
Client stringCert Request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - ftps
Client stringCertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - https
Client stringCert Request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - https
Client stringCertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - id number
- SSL server ID.
- imaps
Client stringCert Request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - imaps
Client stringCertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - ip string
- IPv4 address of the SSL server.
- pop3s
Client stringCert Request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - pop3s
Client stringCertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - smtps
Client stringCert Request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - smtps
Client stringCertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - ssl
Other stringClient Cert Request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - ssl
Other stringClient Certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
- ftps_
client_ strcert_ request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - ftps_
client_ strcertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - https_
client_ strcert_ request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - https_
client_ strcertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - id float
- SSL server ID.
- imaps_
client_ strcert_ request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - imaps_
client_ strcertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - ip str
- IPv4 address of the SSL server.
- pop3s_
client_ strcert_ request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - pop3s_
client_ strcertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - smtps_
client_ strcert_ request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - smtps_
client_ strcertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - ssl_
other_ strclient_ cert_ request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - ssl_
other_ strclient_ certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
- ftps
Client StringCert Request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - ftps
Client StringCertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - https
Client StringCert Request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - https
Client StringCertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - id Number
- SSL server ID.
- imaps
Client StringCert Request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - imaps
Client StringCertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - ip String
- IPv4 address of the SSL server.
- pop3s
Client StringCert Request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - pop3s
Client StringCertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - smtps
Client StringCert Request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - smtps
Client StringCertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - ssl
Other StringClient Cert Request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - ssl
Other StringClient Certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
Import
ObjectFirewall SslSshProfile can be imported using any of these accepted formats:
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/objectFirewallSslsshprofile:ObjectFirewallSslsshprofile labelname {{name}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev