checkpoint 2.9.0, Apr 14 25

checkpoint 2.9.0 published on Monday, Apr 14, 2025 by checkpointsw

checkpointsw/terraform-provider-checkpoint

checkpoint.ManagementSetHttpsAdvancedSettings

Explore with Pulumi AI

checkpoint 2.9.0 published on Monday, Apr 14, 2025 by checkpointsw

checkpointsw/terraform-provider-checkpoint

Create ManagementSetHttpsAdvancedSettings Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ManagementSetHttpsAdvancedSettings(name: string, args?: ManagementSetHttpsAdvancedSettingsArgs, opts?: CustomResourceOptions);

@overload
def ManagementSetHttpsAdvancedSettings(resource_name: str,
                                       args: Optional[ManagementSetHttpsAdvancedSettingsArgs] = None,
                                       opts: Optional[ResourceOptions] = None)

@overload
def ManagementSetHttpsAdvancedSettings(resource_name: str,
                                       opts: Optional[ResourceOptions] = None,
                                       blocked_certificate_tracking: Optional[str] = None,
                                       blocked_certificates: Optional[Sequence[ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs]] = None,
                                       bypass_on_client_failure: Optional[bool] = None,
                                       bypass_on_failure: Optional[bool] = None,
                                       bypass_under_load: Optional[Mapping[str, str]] = None,
                                       bypass_update_services: Optional[bool] = None,
                                       certificate_pinned_apps_action: Optional[str] = None,
                                       ignore_errors: Optional[bool] = None,
                                       ignore_warnings: Optional[bool] = None,
                                       log_sessions: Optional[bool] = None,
                                       management_set_https_advanced_settings_id: Optional[str] = None,
                                       retrieve_intermediate_ca_certificates: Optional[bool] = None,
                                       server_certificate_validation_actions: Optional[Mapping[str, str]] = None,
                                       site_categorization_allow_mode: Optional[str] = None)

func NewManagementSetHttpsAdvancedSettings(ctx *Context, name string, args *ManagementSetHttpsAdvancedSettingsArgs, opts ...ResourceOption) (*ManagementSetHttpsAdvancedSettings, error)

public ManagementSetHttpsAdvancedSettings(string name, ManagementSetHttpsAdvancedSettingsArgs? args = null, CustomResourceOptions? opts = null)

public ManagementSetHttpsAdvancedSettings(String name, ManagementSetHttpsAdvancedSettingsArgs args)
public ManagementSetHttpsAdvancedSettings(String name, ManagementSetHttpsAdvancedSettingsArgs args, CustomResourceOptions options)

type: checkpoint:ManagementSetHttpsAdvancedSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ManagementSetHttpsAdvancedSettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ManagementSetHttpsAdvancedSettingsArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ManagementSetHttpsAdvancedSettingsArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ManagementSetHttpsAdvancedSettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ManagementSetHttpsAdvancedSettingsArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var managementSetHttpsAdvancedSettingsResource = new Checkpoint.ManagementSetHttpsAdvancedSettings("managementSetHttpsAdvancedSettingsResource", new()
{
    BlockedCertificateTracking = "string",
    BlockedCertificates = new[]
    {
        new Checkpoint.Inputs.ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs
        {
            CertSerialNumber = "string",
            Comments = "string",
            Name = "string",
        },
    },
    BypassOnClientFailure = false,
    BypassOnFailure = false,
    BypassUnderLoad = 
    {
        { "string", "string" },
    },
    BypassUpdateServices = false,
    CertificatePinnedAppsAction = "string",
    IgnoreErrors = false,
    IgnoreWarnings = false,
    LogSessions = false,
    ManagementSetHttpsAdvancedSettingsId = "string",
    RetrieveIntermediateCaCertificates = false,
    ServerCertificateValidationActions = 
    {
        { "string", "string" },
    },
    SiteCategorizationAllowMode = "string",
});

example, err := checkpoint.NewManagementSetHttpsAdvancedSettings(ctx, "managementSetHttpsAdvancedSettingsResource", &checkpoint.ManagementSetHttpsAdvancedSettingsArgs{
	BlockedCertificateTracking: pulumi.String("string"),
	BlockedCertificates: checkpoint.ManagementSetHttpsAdvancedSettingsBlockedCertificateArray{
		&checkpoint.ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs{
			CertSerialNumber: pulumi.String("string"),
			Comments:         pulumi.String("string"),
			Name:             pulumi.String("string"),
		},
	},
	BypassOnClientFailure: pulumi.Bool(false),
	BypassOnFailure:       pulumi.Bool(false),
	BypassUnderLoad: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	BypassUpdateServices:                 pulumi.Bool(false),
	CertificatePinnedAppsAction:          pulumi.String("string"),
	IgnoreErrors:                         pulumi.Bool(false),
	IgnoreWarnings:                       pulumi.Bool(false),
	LogSessions:                          pulumi.Bool(false),
	ManagementSetHttpsAdvancedSettingsId: pulumi.String("string"),
	RetrieveIntermediateCaCertificates:   pulumi.Bool(false),
	ServerCertificateValidationActions: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	SiteCategorizationAllowMode: pulumi.String("string"),
})

var managementSetHttpsAdvancedSettingsResource = new ManagementSetHttpsAdvancedSettings("managementSetHttpsAdvancedSettingsResource", ManagementSetHttpsAdvancedSettingsArgs.builder()
    .blockedCertificateTracking("string")
    .blockedCertificates(ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs.builder()
        .certSerialNumber("string")
        .comments("string")
        .name("string")
        .build())
    .bypassOnClientFailure(false)
    .bypassOnFailure(false)
    .bypassUnderLoad(Map.of("string", "string"))
    .bypassUpdateServices(false)
    .certificatePinnedAppsAction("string")
    .ignoreErrors(false)
    .ignoreWarnings(false)
    .logSessions(false)
    .managementSetHttpsAdvancedSettingsId("string")
    .retrieveIntermediateCaCertificates(false)
    .serverCertificateValidationActions(Map.of("string", "string"))
    .siteCategorizationAllowMode("string")
    .build());

management_set_https_advanced_settings_resource = checkpoint.ManagementSetHttpsAdvancedSettings("managementSetHttpsAdvancedSettingsResource",
    blocked_certificate_tracking="string",
    blocked_certificates=[{
        "cert_serial_number": "string",
        "comments": "string",
        "name": "string",
    }],
    bypass_on_client_failure=False,
    bypass_on_failure=False,
    bypass_under_load={
        "string": "string",
    },
    bypass_update_services=False,
    certificate_pinned_apps_action="string",
    ignore_errors=False,
    ignore_warnings=False,
    log_sessions=False,
    management_set_https_advanced_settings_id="string",
    retrieve_intermediate_ca_certificates=False,
    server_certificate_validation_actions={
        "string": "string",
    },
    site_categorization_allow_mode="string")

const managementSetHttpsAdvancedSettingsResource = new checkpoint.ManagementSetHttpsAdvancedSettings("managementSetHttpsAdvancedSettingsResource", {
    blockedCertificateTracking: "string",
    blockedCertificates: [{
        certSerialNumber: "string",
        comments: "string",
        name: "string",
    }],
    bypassOnClientFailure: false,
    bypassOnFailure: false,
    bypassUnderLoad: {
        string: "string",
    },
    bypassUpdateServices: false,
    certificatePinnedAppsAction: "string",
    ignoreErrors: false,
    ignoreWarnings: false,
    logSessions: false,
    managementSetHttpsAdvancedSettingsId: "string",
    retrieveIntermediateCaCertificates: false,
    serverCertificateValidationActions: {
        string: "string",
    },
    siteCategorizationAllowMode: "string",
});

type: checkpoint:ManagementSetHttpsAdvancedSettings
properties:
    blockedCertificateTracking: string
    blockedCertificates:
        - certSerialNumber: string
          comments: string
          name: string
    bypassOnClientFailure: false
    bypassOnFailure: false
    bypassUnderLoad:
        string: string
    bypassUpdateServices: false
    certificatePinnedAppsAction: string
    ignoreErrors: false
    ignoreWarnings: false
    logSessions: false
    managementSetHttpsAdvancedSettingsId: string
    retrieveIntermediateCaCertificates: false
    serverCertificateValidationActions:
        string: string
    siteCategorizationAllowMode: string

ManagementSetHttpsAdvancedSettings Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ManagementSetHttpsAdvancedSettings resource accepts the following input properties:

BlockedCertificateTracking string: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
BlockedCertificates List<ManagementSetHttpsAdvancedSettingsBlockedCertificate>: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
BypassOnClientFailure bool: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
BypassOnFailure bool: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
BypassUnderLoad Dictionary<string, string>: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
BypassUpdateServices bool: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
CertificatePinnedAppsAction string: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
IgnoreErrors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
IgnoreWarnings bool: Apply changes ignoring warnings.
LogSessions bool: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
ManagementSetHttpsAdvancedSettingsId string
RetrieveIntermediateCaCertificates bool: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
ServerCertificateValidationActions Dictionary<string, string>: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
SiteCategorizationAllowMode string: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.

BlockedCertificateTracking string: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
BlockedCertificates []ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
BypassOnClientFailure bool: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
BypassOnFailure bool: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
BypassUnderLoad map[string]string: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
BypassUpdateServices bool: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
CertificatePinnedAppsAction string: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
IgnoreErrors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
IgnoreWarnings bool: Apply changes ignoring warnings.
LogSessions bool: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
ManagementSetHttpsAdvancedSettingsId string
RetrieveIntermediateCaCertificates bool: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
ServerCertificateValidationActions map[string]string: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
SiteCategorizationAllowMode string: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.

blockedCertificateTracking String: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
blockedCertificates List<ManagementSetHttpsAdvancedSettingsBlockedCertificate>: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
bypassOnClientFailure Boolean: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassOnFailure Boolean: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassUnderLoad Map<String,String>: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
bypassUpdateServices Boolean: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
certificatePinnedAppsAction String: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
ignoreErrors Boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings Boolean: Apply changes ignoring warnings.
logSessions Boolean: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
managementSetHttpsAdvancedSettingsId String
retrieveIntermediateCaCertificates Boolean: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
serverCertificateValidationActions Map<String,String>: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
siteCategorizationAllowMode String: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.

blockedCertificateTracking string: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
blockedCertificates ManagementSetHttpsAdvancedSettingsBlockedCertificate[]: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
bypassOnClientFailure boolean: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassOnFailure boolean: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassUnderLoad {[key: string]: string}: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
bypassUpdateServices boolean: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
certificatePinnedAppsAction string: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
ignoreErrors boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings boolean: Apply changes ignoring warnings.
logSessions boolean: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
managementSetHttpsAdvancedSettingsId string
retrieveIntermediateCaCertificates boolean: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
serverCertificateValidationActions {[key: string]: string}: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
siteCategorizationAllowMode string: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.

blocked_certificate_tracking str: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
blocked_certificates Sequence[ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs]: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
bypass_on_client_failure bool: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypass_on_failure bool: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypass_under_load Mapping[str, str]: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
bypass_update_services bool: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
certificate_pinned_apps_action str: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
ignore_errors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings bool: Apply changes ignoring warnings.
log_sessions bool: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
management_set_https_advanced_settings_id str
retrieve_intermediate_ca_certificates bool: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
server_certificate_validation_actions Mapping[str, str]: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
site_categorization_allow_mode str: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.

blockedCertificateTracking String: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
blockedCertificates List<Property Map>: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
bypassOnClientFailure Boolean: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassOnFailure Boolean: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassUnderLoad Map<String>: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
bypassUpdateServices Boolean: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
certificatePinnedAppsAction String: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
ignoreErrors Boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings Boolean: Apply changes ignoring warnings.
logSessions Boolean: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
managementSetHttpsAdvancedSettingsId String
retrieveIntermediateCaCertificates Boolean: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
serverCertificateValidationActions Map<String>: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
siteCategorizationAllowMode String: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.

Outputs

All input properties are implicitly available as output properties. Additionally, the ManagementSetHttpsAdvancedSettings resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Uid string: Object unique identifier.

Id string: The provider-assigned unique ID for this managed resource.
Uid string: Object unique identifier.

id String: The provider-assigned unique ID for this managed resource.
uid String: Object unique identifier.

id string: The provider-assigned unique ID for this managed resource.
uid string: Object unique identifier.

id str: The provider-assigned unique ID for this managed resource.
uid str: Object unique identifier.

id String: The provider-assigned unique ID for this managed resource.
uid String: Object unique identifier.

Look up Existing ManagementSetHttpsAdvancedSettings Resource

Get an existing ManagementSetHttpsAdvancedSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ManagementSetHttpsAdvancedSettingsState, opts?: CustomResourceOptions): ManagementSetHttpsAdvancedSettings

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        blocked_certificate_tracking: Optional[str] = None,
        blocked_certificates: Optional[Sequence[ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs]] = None,
        bypass_on_client_failure: Optional[bool] = None,
        bypass_on_failure: Optional[bool] = None,
        bypass_under_load: Optional[Mapping[str, str]] = None,
        bypass_update_services: Optional[bool] = None,
        certificate_pinned_apps_action: Optional[str] = None,
        ignore_errors: Optional[bool] = None,
        ignore_warnings: Optional[bool] = None,
        log_sessions: Optional[bool] = None,
        management_set_https_advanced_settings_id: Optional[str] = None,
        retrieve_intermediate_ca_certificates: Optional[bool] = None,
        server_certificate_validation_actions: Optional[Mapping[str, str]] = None,
        site_categorization_allow_mode: Optional[str] = None,
        uid: Optional[str] = None) -> ManagementSetHttpsAdvancedSettings

func GetManagementSetHttpsAdvancedSettings(ctx *Context, name string, id IDInput, state *ManagementSetHttpsAdvancedSettingsState, opts ...ResourceOption) (*ManagementSetHttpsAdvancedSettings, error)

public static ManagementSetHttpsAdvancedSettings Get(string name, Input<string> id, ManagementSetHttpsAdvancedSettingsState? state, CustomResourceOptions? opts = null)

public static ManagementSetHttpsAdvancedSettings get(String name, Output<String> id, ManagementSetHttpsAdvancedSettingsState state, CustomResourceOptions options)

resources:  _:    type: checkpoint:ManagementSetHttpsAdvancedSettings    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

BlockedCertificateTracking string: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
BlockedCertificates List<ManagementSetHttpsAdvancedSettingsBlockedCertificate>: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
BypassOnClientFailure bool: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
BypassOnFailure bool: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
BypassUnderLoad Dictionary<string, string>: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
BypassUpdateServices bool: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
CertificatePinnedAppsAction string: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
IgnoreErrors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
IgnoreWarnings bool: Apply changes ignoring warnings.
LogSessions bool: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
ManagementSetHttpsAdvancedSettingsId string
RetrieveIntermediateCaCertificates bool: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
ServerCertificateValidationActions Dictionary<string, string>: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
SiteCategorizationAllowMode string: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.
Uid string: Object unique identifier.

BlockedCertificateTracking string: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
BlockedCertificates []ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
BypassOnClientFailure bool: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
BypassOnFailure bool: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
BypassUnderLoad map[string]string: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
BypassUpdateServices bool: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
CertificatePinnedAppsAction string: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
IgnoreErrors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
IgnoreWarnings bool: Apply changes ignoring warnings.
LogSessions bool: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
ManagementSetHttpsAdvancedSettingsId string
RetrieveIntermediateCaCertificates bool: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
ServerCertificateValidationActions map[string]string: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
SiteCategorizationAllowMode string: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.
Uid string: Object unique identifier.

blockedCertificateTracking String: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
blockedCertificates List<ManagementSetHttpsAdvancedSettingsBlockedCertificate>: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
bypassOnClientFailure Boolean: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassOnFailure Boolean: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassUnderLoad Map<String,String>: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
bypassUpdateServices Boolean: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
certificatePinnedAppsAction String: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
ignoreErrors Boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings Boolean: Apply changes ignoring warnings.
logSessions Boolean: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
managementSetHttpsAdvancedSettingsId String
retrieveIntermediateCaCertificates Boolean: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
serverCertificateValidationActions Map<String,String>: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
siteCategorizationAllowMode String: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.
uid String: Object unique identifier.

blockedCertificateTracking string: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
blockedCertificates ManagementSetHttpsAdvancedSettingsBlockedCertificate[]: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
bypassOnClientFailure boolean: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassOnFailure boolean: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassUnderLoad {[key: string]: string}: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
bypassUpdateServices boolean: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
certificatePinnedAppsAction string: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
ignoreErrors boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings boolean: Apply changes ignoring warnings.
logSessions boolean: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
managementSetHttpsAdvancedSettingsId string
retrieveIntermediateCaCertificates boolean: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
serverCertificateValidationActions {[key: string]: string}: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
siteCategorizationAllowMode string: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.
uid string: Object unique identifier.

blocked_certificate_tracking str: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
blocked_certificates Sequence[ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs]: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
bypass_on_client_failure bool: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypass_on_failure bool: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypass_under_load Mapping[str, str]: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
bypass_update_services bool: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
certificate_pinned_apps_action str: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
ignore_errors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings bool: Apply changes ignoring warnings.
log_sessions bool: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
management_set_https_advanced_settings_id str
retrieve_intermediate_ca_certificates bool: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
server_certificate_validation_actions Mapping[str, str]: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
site_categorization_allow_mode str: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.
uid str: Object unique identifier.

blockedCertificateTracking String: Controls whether to log and send a notification for dropped traffic.None - Does not record the event.Log - Records the event details in SmartView.Alert - Logs the event and executes a command.Mail - Sends an email to the administrator.SNMP Trap - Sends an SNMP alert to the SNMP GU.User Defined Alert - Sends customized alerts..
blockedCertificates List<Property Map>: Collection of certificates objects identified by serial number.Drop traffic from servers using the blocked certificate.blocked_certificates blocks are documented below.
bypassOnClientFailure Boolean: Whether all requests should be bypassed or blocked-in case of client errors (Client closes the connection due to authentication issues during handshake)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassOnFailure Boolean: Whether all requests should be bypassed or blocked-in case of server errors (for example validation error during GW-Server authentication)true - Fail-open (bypass all requests).false - Fail-close (block all requests.The default value is true.
bypassUnderLoad Map<String>: Bypass the HTTPS Inspection temporarily to improve connectivity during a heavy load on the Security Gateway. The HTTPS Inspection would resume as soon as the load decreases.bypass_under_load blocks are documented below.
bypassUpdateServices Boolean: Configure the value "true" to bypass traffic to well-known software update services.The default value is true.
certificatePinnedAppsAction String: Configure the value "bypass" to bypass traffic from certificate-pinned applications approved by Check Point.HTTPS Inspection cannot inspect connections initiated by certificate-pinned applications.Configure the value "detect" to send logs for traffic from certificate-pinned applications approved by Check Point.The default value is bypass.
ignoreErrors Boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings Boolean: Apply changes ignoring warnings.
logSessions Boolean: The value "true" configures the Security Gateway to send HTTPS Inspection session logs.The default value is true.
managementSetHttpsAdvancedSettingsId String
retrieveIntermediateCaCertificates Boolean: Configure the value "true" to use the "Certificate Authority Information Access" extension to retrieve certificates that are missing from the certificate chain.The default value is true.
serverCertificateValidationActions Map<String>: When a Security Gateway receives an untrusted certificate from a website server, define when to drop the connection and how to track it.server_certificate_validation_actions blocks are documented below.
siteCategorizationAllowMode String: Whether all requests should be allowed or blocked until categorization is complete.Background - to allow requests until categorization is complete.Hold- to block requests until categorization is complete.The default value is hold.
uid String: Object unique identifier.

Supporting Types

ManagementSetHttpsAdvancedSettingsBlockedCertificate, ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs

CertSerialNumber string: Certificate Serial Number (unique) in hexadecimal format HH:HH.
Comments string: Describes the certificate by default, can be overridden by any text.
Name string: Describes the name, cannot be overridden.

CertSerialNumber string: Certificate Serial Number (unique) in hexadecimal format HH:HH.
Comments string: Describes the certificate by default, can be overridden by any text.
Name string: Describes the name, cannot be overridden.

certSerialNumber String: Certificate Serial Number (unique) in hexadecimal format HH:HH.
comments String: Describes the certificate by default, can be overridden by any text.
name String: Describes the name, cannot be overridden.

certSerialNumber string: Certificate Serial Number (unique) in hexadecimal format HH:HH.
comments string: Describes the certificate by default, can be overridden by any text.
name string: Describes the name, cannot be overridden.

cert_serial_number str: Certificate Serial Number (unique) in hexadecimal format HH:HH.
comments str: Describes the certificate by default, can be overridden by any text.
name str: Describes the name, cannot be overridden.

certSerialNumber String: Certificate Serial Number (unique) in hexadecimal format HH:HH.
comments String: Describes the certificate by default, can be overridden by any text.
name String: Describes the name, cannot be overridden.

Package Details

Repository: checkpoint checkpointsw/terraform-provider-checkpoint
License
Notes: This Pulumi package is based on the checkpoint Terraform Provider.

checkpoint 2.9.0 published on Monday, Apr 14, 2025 by checkpointsw

checkpointsw/terraform-provider-checkpoint

checkpoint.ManagementSetHttpsAdvancedSettings

On this page

On this page

Create ManagementSetHttpsAdvancedSettings Resource

Constructor syntax

Parameters

Constructor example

ManagementSetHttpsAdvancedSettings Resource Properties

Inputs

Outputs

Look up Existing ManagementSetHttpsAdvancedSettings Resource

Supporting Types

ManagementSetHttpsAdvancedSettingsBlockedCertificate, ManagementSetHttpsAdvancedSettingsBlockedCertificateArgs

Package Details

On this page

On this page