Docs
PackagesFortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse
fortios.firewall.Sslsshprofile
Explore with Pulumi AI
Configure SSL/SSH protocol options.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const t1 = new fortios.firewall.Sslsshprofile("t1", {
ftps: {
ports: "990",
},
https: {
ports: "443 127 422 392",
},
imaps: {
ports: "993 1123",
},
pop3s: {
ports: "995",
},
smtps: {
ports: "465",
},
ssl: {
inspectAll: "disable",
},
});
const t2 = new fortios.firewall.Sslsshprofile("t2", {
https: {
ports: "443",
},
ssl: {
inspectAll: "deep-inspection",
},
});
import pulumi
import pulumiverse_fortios as fortios
t1 = fortios.firewall.Sslsshprofile("t1",
ftps=fortios.firewall.SslsshprofileFtpsArgs(
ports="990",
),
https=fortios.firewall.SslsshprofileHttpsArgs(
ports="443 127 422 392",
),
imaps=fortios.firewall.SslsshprofileImapsArgs(
ports="993 1123",
),
pop3s=fortios.firewall.SslsshprofilePop3sArgs(
ports="995",
),
smtps=fortios.firewall.SslsshprofileSmtpsArgs(
ports="465",
),
ssl=fortios.firewall.SslsshprofileSslArgs(
inspect_all="disable",
))
t2 = fortios.firewall.Sslsshprofile("t2",
https=fortios.firewall.SslsshprofileHttpsArgs(
ports="443",
),
ssl=fortios.firewall.SslsshprofileSslArgs(
inspect_all="deep-inspection",
))
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := firewall.NewSslsshprofile(ctx, "t1", &firewall.SslsshprofileArgs{
Ftps: &firewall.SslsshprofileFtpsArgs{
Ports: pulumi.String("990"),
},
Https: &firewall.SslsshprofileHttpsArgs{
Ports: pulumi.String("443 127 422 392"),
},
Imaps: &firewall.SslsshprofileImapsArgs{
Ports: pulumi.String("993 1123"),
},
Pop3s: &firewall.SslsshprofilePop3sArgs{
Ports: pulumi.String("995"),
},
Smtps: &firewall.SslsshprofileSmtpsArgs{
Ports: pulumi.String("465"),
},
Ssl: &firewall.SslsshprofileSslArgs{
InspectAll: pulumi.String("disable"),
},
})
if err != nil {
return err
}
_, err = firewall.NewSslsshprofile(ctx, "t2", &firewall.SslsshprofileArgs{
Https: &firewall.SslsshprofileHttpsArgs{
Ports: pulumi.String("443"),
},
Ssl: &firewall.SslsshprofileSslArgs{
InspectAll: pulumi.String("deep-inspection"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var t1 = new Fortios.Firewall.Sslsshprofile("t1", new()
{
Ftps = new Fortios.Firewall.Inputs.SslsshprofileFtpsArgs
{
Ports = "990",
},
Https = new Fortios.Firewall.Inputs.SslsshprofileHttpsArgs
{
Ports = "443 127 422 392",
},
Imaps = new Fortios.Firewall.Inputs.SslsshprofileImapsArgs
{
Ports = "993 1123",
},
Pop3s = new Fortios.Firewall.Inputs.SslsshprofilePop3sArgs
{
Ports = "995",
},
Smtps = new Fortios.Firewall.Inputs.SslsshprofileSmtpsArgs
{
Ports = "465",
},
Ssl = new Fortios.Firewall.Inputs.SslsshprofileSslArgs
{
InspectAll = "disable",
},
});
var t2 = new Fortios.Firewall.Sslsshprofile("t2", new()
{
Https = new Fortios.Firewall.Inputs.SslsshprofileHttpsArgs
{
Ports = "443",
},
Ssl = new Fortios.Firewall.Inputs.SslsshprofileSslArgs
{
InspectAll = "deep-inspection",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.firewall.Sslsshprofile;
import com.pulumi.fortios.firewall.SslsshprofileArgs;
import com.pulumi.fortios.firewall.inputs.SslsshprofileFtpsArgs;
import com.pulumi.fortios.firewall.inputs.SslsshprofileHttpsArgs;
import com.pulumi.fortios.firewall.inputs.SslsshprofileImapsArgs;
import com.pulumi.fortios.firewall.inputs.SslsshprofilePop3sArgs;
import com.pulumi.fortios.firewall.inputs.SslsshprofileSmtpsArgs;
import com.pulumi.fortios.firewall.inputs.SslsshprofileSslArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var t1 = new Sslsshprofile("t1", SslsshprofileArgs.builder()
.ftps(SslsshprofileFtpsArgs.builder()
.ports(990)
.build())
.https(SslsshprofileHttpsArgs.builder()
.ports("443 127 422 392")
.build())
.imaps(SslsshprofileImapsArgs.builder()
.ports("993 1123")
.build())
.pop3s(SslsshprofilePop3sArgs.builder()
.ports(995)
.build())
.smtps(SslsshprofileSmtpsArgs.builder()
.ports(465)
.build())
.ssl(SslsshprofileSslArgs.builder()
.inspectAll("disable")
.build())
.build());
var t2 = new Sslsshprofile("t2", SslsshprofileArgs.builder()
.https(SslsshprofileHttpsArgs.builder()
.ports(443)
.build())
.ssl(SslsshprofileSslArgs.builder()
.inspectAll("deep-inspection")
.build())
.build());
}
}
resources:
t1:
type: fortios:firewall:Sslsshprofile
properties:
ftps:
ports: 990
https:
ports: 443 127 422 392
imaps:
ports: 993 1123
pop3s:
ports: 995
smtps:
ports: 465
ssl:
inspectAll: disable
t2:
type: fortios:firewall:Sslsshprofile
properties:
https:
ports: 443
ssl:
inspectAll: deep-inspection
Create Sslsshprofile Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Sslsshprofile(name: string, args?: SslsshprofileArgs, opts?: CustomResourceOptions);@overload
def Sslsshprofile(resource_name: str,
args: Optional[SslsshprofileArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Sslsshprofile(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowlist: Optional[str] = None,
block_blacklisted_certificates: Optional[str] = None,
block_blocklisted_certificates: Optional[str] = None,
caname: Optional[str] = None,
comment: Optional[str] = None,
dot: Optional[SslsshprofileDotArgs] = None,
dynamic_sort_subtable: Optional[str] = None,
ech_outer_snis: Optional[Sequence[SslsshprofileEchOuterSniArgs]] = None,
ftps: Optional[SslsshprofileFtpsArgs] = None,
get_all_tables: Optional[str] = None,
https: Optional[SslsshprofileHttpsArgs] = None,
imaps: Optional[SslsshprofileImapsArgs] = None,
mapi_over_https: Optional[str] = None,
name: Optional[str] = None,
pop3s: Optional[SslsshprofilePop3sArgs] = None,
rpc_over_https: Optional[str] = None,
server_cert: Optional[str] = None,
server_cert_mode: Optional[str] = None,
smtps: Optional[SslsshprofileSmtpsArgs] = None,
ssh: Optional[SslsshprofileSshArgs] = None,
ssl: Optional[SslsshprofileSslArgs] = None,
ssl_anomalies_log: Optional[str] = None,
ssl_anomaly_log: Optional[str] = None,
ssl_exemption_ip_rating: Optional[str] = None,
ssl_exemption_log: Optional[str] = None,
ssl_exemptions_log: Optional[str] = None,
ssl_exempts: Optional[Sequence[SslsshprofileSslExemptArgs]] = None,
ssl_handshake_log: Optional[str] = None,
ssl_negotiation_log: Optional[str] = None,
ssl_server_cert_log: Optional[str] = None,
ssl_servers: Optional[Sequence[SslsshprofileSslServerArgs]] = None,
supported_alpn: Optional[str] = None,
untrusted_caname: Optional[str] = None,
use_ssl_server: Optional[str] = None,
vdomparam: Optional[str] = None,
whitelist: Optional[str] = None)func NewSslsshprofile(ctx *Context, name string, args *SslsshprofileArgs, opts ...ResourceOption) (*Sslsshprofile, error)public Sslsshprofile(string name, SslsshprofileArgs? args = null, CustomResourceOptions? opts = null)
public Sslsshprofile(String name, SslsshprofileArgs args)
public Sslsshprofile(String name, SslsshprofileArgs args, CustomResourceOptions options)
type: fortios:firewall:Sslsshprofile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SslsshprofileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SslsshprofileArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SslsshprofileArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SslsshprofileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SslsshprofileArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var sslsshprofileResource = new Fortios.Firewall.Sslsshprofile("sslsshprofileResource", new()
{
Allowlist = "string",
BlockBlacklistedCertificates = "string",
BlockBlocklistedCertificates = "string",
Caname = "string",
Comment = "string",
Dot = new Fortios.Firewall.Inputs.SslsshprofileDotArgs
{
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertificate = "string",
ExpiredServerCert = "string",
ProxyAfterTcpHandshake = "string",
Quic = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedServerCert = "string",
},
DynamicSortSubtable = "string",
EchOuterSnis = new[]
{
new Fortios.Firewall.Inputs.SslsshprofileEchOuterSniArgs
{
Name = "string",
Sni = "string",
},
},
Ftps = new Fortios.Firewall.Inputs.SslsshprofileFtpsArgs
{
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
ExpiredServerCert = "string",
InvalidServerCert = "string",
MinAllowedSslVersion = "string",
Ports = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedServerCert = "string",
},
GetAllTables = "string",
Https = new Fortios.Firewall.Inputs.SslsshprofileHttpsArgs
{
CertProbeFailure = "string",
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
EncryptedClientHello = "string",
ExpiredServerCert = "string",
InvalidServerCert = "string",
MinAllowedSslVersion = "string",
Ports = "string",
ProxyAfterTcpHandshake = "string",
Quic = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedServerCert = "string",
},
Imaps = new Fortios.Firewall.Inputs.SslsshprofileImapsArgs
{
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
ExpiredServerCert = "string",
InvalidServerCert = "string",
Ports = "string",
ProxyAfterTcpHandshake = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedServerCert = "string",
},
MapiOverHttps = "string",
Name = "string",
Pop3s = new Fortios.Firewall.Inputs.SslsshprofilePop3sArgs
{
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
ExpiredServerCert = "string",
InvalidServerCert = "string",
Ports = "string",
ProxyAfterTcpHandshake = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedServerCert = "string",
},
RpcOverHttps = "string",
ServerCert = "string",
ServerCertMode = "string",
Smtps = new Fortios.Firewall.Inputs.SslsshprofileSmtpsArgs
{
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
ExpiredServerCert = "string",
InvalidServerCert = "string",
Ports = "string",
ProxyAfterTcpHandshake = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
Status = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedServerCert = "string",
},
Ssh = new Fortios.Firewall.Inputs.SslsshprofileSshArgs
{
InspectAll = "string",
Ports = "string",
ProxyAfterTcpHandshake = "string",
SshAlgorithm = "string",
SshPolicyCheck = "string",
SshTunPolicyCheck = "string",
Status = "string",
UnsupportedVersion = "string",
},
Ssl = new Fortios.Firewall.Inputs.SslsshprofileSslArgs
{
CertProbeFailure = "string",
CertValidationFailure = "string",
CertValidationTimeout = "string",
ClientCertRequest = "string",
ClientCertificate = "string",
EncryptedClientHello = "string",
ExpiredServerCert = "string",
InspectAll = "string",
InvalidServerCert = "string",
MinAllowedSslVersion = "string",
RevokedServerCert = "string",
SniServerCertCheck = "string",
UnsupportedSsl = "string",
UnsupportedSslCipher = "string",
UnsupportedSslNegotiation = "string",
UnsupportedSslVersion = "string",
UntrustedServerCert = "string",
},
SslAnomaliesLog = "string",
SslAnomalyLog = "string",
SslExemptionIpRating = "string",
SslExemptionLog = "string",
SslExemptionsLog = "string",
SslExempts = new[]
{
new Fortios.Firewall.Inputs.SslsshprofileSslExemptArgs
{
Address = "string",
Address6 = "string",
FortiguardCategory = 0,
Id = 0,
Regex = "string",
Type = "string",
WildcardFqdn = "string",
},
},
SslHandshakeLog = "string",
SslNegotiationLog = "string",
SslServerCertLog = "string",
SslServers = new[]
{
new Fortios.Firewall.Inputs.SslsshprofileSslServerArgs
{
FtpsClientCertRequest = "string",
FtpsClientCertificate = "string",
HttpsClientCertRequest = "string",
HttpsClientCertificate = "string",
Id = 0,
ImapsClientCertRequest = "string",
ImapsClientCertificate = "string",
Ip = "string",
Pop3sClientCertRequest = "string",
Pop3sClientCertificate = "string",
SmtpsClientCertRequest = "string",
SmtpsClientCertificate = "string",
SslOtherClientCertRequest = "string",
SslOtherClientCertificate = "string",
},
},
SupportedAlpn = "string",
UntrustedCaname = "string",
UseSslServer = "string",
Vdomparam = "string",
Whitelist = "string",
});
example, err := firewall.NewSslsshprofile(ctx, "sslsshprofileResource", &firewall.SslsshprofileArgs{
Allowlist: pulumi.String("string"),
BlockBlacklistedCertificates: pulumi.String("string"),
BlockBlocklistedCertificates: pulumi.String("string"),
Caname: pulumi.String("string"),
Comment: pulumi.String("string"),
Dot: &firewall.SslsshprofileDotArgs{
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
ProxyAfterTcpHandshake: pulumi.String("string"),
Quic: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
DynamicSortSubtable: pulumi.String("string"),
EchOuterSnis: firewall.SslsshprofileEchOuterSniArray{
&firewall.SslsshprofileEchOuterSniArgs{
Name: pulumi.String("string"),
Sni: pulumi.String("string"),
},
},
Ftps: &firewall.SslsshprofileFtpsArgs{
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
GetAllTables: pulumi.String("string"),
Https: &firewall.SslsshprofileHttpsArgs{
CertProbeFailure: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
EncryptedClientHello: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.String("string"),
ProxyAfterTcpHandshake: pulumi.String("string"),
Quic: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Imaps: &firewall.SslsshprofileImapsArgs{
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
Ports: pulumi.String("string"),
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
MapiOverHttps: pulumi.String("string"),
Name: pulumi.String("string"),
Pop3s: &firewall.SslsshprofilePop3sArgs{
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
Ports: pulumi.String("string"),
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
RpcOverHttps: pulumi.String("string"),
ServerCert: pulumi.String("string"),
ServerCertMode: pulumi.String("string"),
Smtps: &firewall.SslsshprofileSmtpsArgs{
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
Ports: pulumi.String("string"),
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Ssh: &firewall.SslsshprofileSshArgs{
InspectAll: pulumi.String("string"),
Ports: pulumi.String("string"),
ProxyAfterTcpHandshake: pulumi.String("string"),
SshAlgorithm: pulumi.String("string"),
SshPolicyCheck: pulumi.String("string"),
SshTunPolicyCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedVersion: pulumi.String("string"),
},
Ssl: &firewall.SslsshprofileSslArgs{
CertProbeFailure: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
EncryptedClientHello: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InspectAll: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
SslAnomaliesLog: pulumi.String("string"),
SslAnomalyLog: pulumi.String("string"),
SslExemptionIpRating: pulumi.String("string"),
SslExemptionLog: pulumi.String("string"),
SslExemptionsLog: pulumi.String("string"),
SslExempts: firewall.SslsshprofileSslExemptArray{
&firewall.SslsshprofileSslExemptArgs{
Address: pulumi.String("string"),
Address6: pulumi.String("string"),
FortiguardCategory: pulumi.Int(0),
Id: pulumi.Int(0),
Regex: pulumi.String("string"),
Type: pulumi.String("string"),
WildcardFqdn: pulumi.String("string"),
},
},
SslHandshakeLog: pulumi.String("string"),
SslNegotiationLog: pulumi.String("string"),
SslServerCertLog: pulumi.String("string"),
SslServers: firewall.SslsshprofileSslServerArray{
&firewall.SslsshprofileSslServerArgs{
FtpsClientCertRequest: pulumi.String("string"),
FtpsClientCertificate: pulumi.String("string"),
HttpsClientCertRequest: pulumi.String("string"),
HttpsClientCertificate: pulumi.String("string"),
Id: pulumi.Int(0),
ImapsClientCertRequest: pulumi.String("string"),
ImapsClientCertificate: pulumi.String("string"),
Ip: pulumi.String("string"),
Pop3sClientCertRequest: pulumi.String("string"),
Pop3sClientCertificate: pulumi.String("string"),
SmtpsClientCertRequest: pulumi.String("string"),
SmtpsClientCertificate: pulumi.String("string"),
SslOtherClientCertRequest: pulumi.String("string"),
SslOtherClientCertificate: pulumi.String("string"),
},
},
SupportedAlpn: pulumi.String("string"),
UntrustedCaname: pulumi.String("string"),
UseSslServer: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
Whitelist: pulumi.String("string"),
})
var sslsshprofileResource = new Sslsshprofile("sslsshprofileResource", SslsshprofileArgs.builder()
.allowlist("string")
.blockBlacklistedCertificates("string")
.blockBlocklistedCertificates("string")
.caname("string")
.comment("string")
.dot(SslsshprofileDotArgs.builder()
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertificate("string")
.expiredServerCert("string")
.proxyAfterTcpHandshake("string")
.quic("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedServerCert("string")
.build())
.dynamicSortSubtable("string")
.echOuterSnis(SslsshprofileEchOuterSniArgs.builder()
.name("string")
.sni("string")
.build())
.ftps(SslsshprofileFtpsArgs.builder()
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.expiredServerCert("string")
.invalidServerCert("string")
.minAllowedSslVersion("string")
.ports("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedServerCert("string")
.build())
.getAllTables("string")
.https(SslsshprofileHttpsArgs.builder()
.certProbeFailure("string")
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.encryptedClientHello("string")
.expiredServerCert("string")
.invalidServerCert("string")
.minAllowedSslVersion("string")
.ports("string")
.proxyAfterTcpHandshake("string")
.quic("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedServerCert("string")
.build())
.imaps(SslsshprofileImapsArgs.builder()
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.expiredServerCert("string")
.invalidServerCert("string")
.ports("string")
.proxyAfterTcpHandshake("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedServerCert("string")
.build())
.mapiOverHttps("string")
.name("string")
.pop3s(SslsshprofilePop3sArgs.builder()
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.expiredServerCert("string")
.invalidServerCert("string")
.ports("string")
.proxyAfterTcpHandshake("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedServerCert("string")
.build())
.rpcOverHttps("string")
.serverCert("string")
.serverCertMode("string")
.smtps(SslsshprofileSmtpsArgs.builder()
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.expiredServerCert("string")
.invalidServerCert("string")
.ports("string")
.proxyAfterTcpHandshake("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.status("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedServerCert("string")
.build())
.ssh(SslsshprofileSshArgs.builder()
.inspectAll("string")
.ports("string")
.proxyAfterTcpHandshake("string")
.sshAlgorithm("string")
.sshPolicyCheck("string")
.sshTunPolicyCheck("string")
.status("string")
.unsupportedVersion("string")
.build())
.ssl(SslsshprofileSslArgs.builder()
.certProbeFailure("string")
.certValidationFailure("string")
.certValidationTimeout("string")
.clientCertRequest("string")
.clientCertificate("string")
.encryptedClientHello("string")
.expiredServerCert("string")
.inspectAll("string")
.invalidServerCert("string")
.minAllowedSslVersion("string")
.revokedServerCert("string")
.sniServerCertCheck("string")
.unsupportedSsl("string")
.unsupportedSslCipher("string")
.unsupportedSslNegotiation("string")
.unsupportedSslVersion("string")
.untrustedServerCert("string")
.build())
.sslAnomaliesLog("string")
.sslAnomalyLog("string")
.sslExemptionIpRating("string")
.sslExemptionLog("string")
.sslExemptionsLog("string")
.sslExempts(SslsshprofileSslExemptArgs.builder()
.address("string")
.address6("string")
.fortiguardCategory(0)
.id(0)
.regex("string")
.type("string")
.wildcardFqdn("string")
.build())
.sslHandshakeLog("string")
.sslNegotiationLog("string")
.sslServerCertLog("string")
.sslServers(SslsshprofileSslServerArgs.builder()
.ftpsClientCertRequest("string")
.ftpsClientCertificate("string")
.httpsClientCertRequest("string")
.httpsClientCertificate("string")
.id(0)
.imapsClientCertRequest("string")
.imapsClientCertificate("string")
.ip("string")
.pop3sClientCertRequest("string")
.pop3sClientCertificate("string")
.smtpsClientCertRequest("string")
.smtpsClientCertificate("string")
.sslOtherClientCertRequest("string")
.sslOtherClientCertificate("string")
.build())
.supportedAlpn("string")
.untrustedCaname("string")
.useSslServer("string")
.vdomparam("string")
.whitelist("string")
.build());
sslsshprofile_resource = fortios.firewall.Sslsshprofile("sslsshprofileResource",
allowlist="string",
block_blacklisted_certificates="string",
block_blocklisted_certificates="string",
caname="string",
comment="string",
dot=fortios.firewall.SslsshprofileDotArgs(
cert_validation_failure="string",
cert_validation_timeout="string",
client_certificate="string",
expired_server_cert="string",
proxy_after_tcp_handshake="string",
quic="string",
revoked_server_cert="string",
sni_server_cert_check="string",
status="string",
unsupported_ssl_cipher="string",
unsupported_ssl_negotiation="string",
unsupported_ssl_version="string",
untrusted_server_cert="string",
),
dynamic_sort_subtable="string",
ech_outer_snis=[fortios.firewall.SslsshprofileEchOuterSniArgs(
name="string",
sni="string",
)],
ftps=fortios.firewall.SslsshprofileFtpsArgs(
cert_validation_failure="string",
cert_validation_timeout="string",
client_cert_request="string",
client_certificate="string",
expired_server_cert="string",
invalid_server_cert="string",
min_allowed_ssl_version="string",
ports="string",
revoked_server_cert="string",
sni_server_cert_check="string",
status="string",
unsupported_ssl="string",
unsupported_ssl_cipher="string",
unsupported_ssl_negotiation="string",
unsupported_ssl_version="string",
untrusted_server_cert="string",
),
get_all_tables="string",
https=fortios.firewall.SslsshprofileHttpsArgs(
cert_probe_failure="string",
cert_validation_failure="string",
cert_validation_timeout="string",
client_cert_request="string",
client_certificate="string",
encrypted_client_hello="string",
expired_server_cert="string",
invalid_server_cert="string",
min_allowed_ssl_version="string",
ports="string",
proxy_after_tcp_handshake="string",
quic="string",
revoked_server_cert="string",
sni_server_cert_check="string",
status="string",
unsupported_ssl="string",
unsupported_ssl_cipher="string",
unsupported_ssl_negotiation="string",
unsupported_ssl_version="string",
untrusted_server_cert="string",
),
imaps=fortios.firewall.SslsshprofileImapsArgs(
cert_validation_failure="string",
cert_validation_timeout="string",
client_cert_request="string",
client_certificate="string",
expired_server_cert="string",
invalid_server_cert="string",
ports="string",
proxy_after_tcp_handshake="string",
revoked_server_cert="string",
sni_server_cert_check="string",
status="string",
unsupported_ssl="string",
unsupported_ssl_cipher="string",
unsupported_ssl_negotiation="string",
unsupported_ssl_version="string",
untrusted_server_cert="string",
),
mapi_over_https="string",
name="string",
pop3s=fortios.firewall.SslsshprofilePop3sArgs(
cert_validation_failure="string",
cert_validation_timeout="string",
client_cert_request="string",
client_certificate="string",
expired_server_cert="string",
invalid_server_cert="string",
ports="string",
proxy_after_tcp_handshake="string",
revoked_server_cert="string",
sni_server_cert_check="string",
status="string",
unsupported_ssl="string",
unsupported_ssl_cipher="string",
unsupported_ssl_negotiation="string",
unsupported_ssl_version="string",
untrusted_server_cert="string",
),
rpc_over_https="string",
server_cert="string",
server_cert_mode="string",
smtps=fortios.firewall.SslsshprofileSmtpsArgs(
cert_validation_failure="string",
cert_validation_timeout="string",
client_cert_request="string",
client_certificate="string",
expired_server_cert="string",
invalid_server_cert="string",
ports="string",
proxy_after_tcp_handshake="string",
revoked_server_cert="string",
sni_server_cert_check="string",
status="string",
unsupported_ssl="string",
unsupported_ssl_cipher="string",
unsupported_ssl_negotiation="string",
unsupported_ssl_version="string",
untrusted_server_cert="string",
),
ssh=fortios.firewall.SslsshprofileSshArgs(
inspect_all="string",
ports="string",
proxy_after_tcp_handshake="string",
ssh_algorithm="string",
ssh_policy_check="string",
ssh_tun_policy_check="string",
status="string",
unsupported_version="string",
),
ssl=fortios.firewall.SslsshprofileSslArgs(
cert_probe_failure="string",
cert_validation_failure="string",
cert_validation_timeout="string",
client_cert_request="string",
client_certificate="string",
encrypted_client_hello="string",
expired_server_cert="string",
inspect_all="string",
invalid_server_cert="string",
min_allowed_ssl_version="string",
revoked_server_cert="string",
sni_server_cert_check="string",
unsupported_ssl="string",
unsupported_ssl_cipher="string",
unsupported_ssl_negotiation="string",
unsupported_ssl_version="string",
untrusted_server_cert="string",
),
ssl_anomalies_log="string",
ssl_anomaly_log="string",
ssl_exemption_ip_rating="string",
ssl_exemption_log="string",
ssl_exemptions_log="string",
ssl_exempts=[fortios.firewall.SslsshprofileSslExemptArgs(
address="string",
address6="string",
fortiguard_category=0,
id=0,
regex="string",
type="string",
wildcard_fqdn="string",
)],
ssl_handshake_log="string",
ssl_negotiation_log="string",
ssl_server_cert_log="string",
ssl_servers=[fortios.firewall.SslsshprofileSslServerArgs(
ftps_client_cert_request="string",
ftps_client_certificate="string",
https_client_cert_request="string",
https_client_certificate="string",
id=0,
imaps_client_cert_request="string",
imaps_client_certificate="string",
ip="string",
pop3s_client_cert_request="string",
pop3s_client_certificate="string",
smtps_client_cert_request="string",
smtps_client_certificate="string",
ssl_other_client_cert_request="string",
ssl_other_client_certificate="string",
)],
supported_alpn="string",
untrusted_caname="string",
use_ssl_server="string",
vdomparam="string",
whitelist="string")
const sslsshprofileResource = new fortios.firewall.Sslsshprofile("sslsshprofileResource", {
allowlist: "string",
blockBlacklistedCertificates: "string",
blockBlocklistedCertificates: "string",
caname: "string",
comment: "string",
dot: {
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertificate: "string",
expiredServerCert: "string",
proxyAfterTcpHandshake: "string",
quic: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedServerCert: "string",
},
dynamicSortSubtable: "string",
echOuterSnis: [{
name: "string",
sni: "string",
}],
ftps: {
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
expiredServerCert: "string",
invalidServerCert: "string",
minAllowedSslVersion: "string",
ports: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedServerCert: "string",
},
getAllTables: "string",
https: {
certProbeFailure: "string",
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
encryptedClientHello: "string",
expiredServerCert: "string",
invalidServerCert: "string",
minAllowedSslVersion: "string",
ports: "string",
proxyAfterTcpHandshake: "string",
quic: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedServerCert: "string",
},
imaps: {
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
expiredServerCert: "string",
invalidServerCert: "string",
ports: "string",
proxyAfterTcpHandshake: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedServerCert: "string",
},
mapiOverHttps: "string",
name: "string",
pop3s: {
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
expiredServerCert: "string",
invalidServerCert: "string",
ports: "string",
proxyAfterTcpHandshake: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedServerCert: "string",
},
rpcOverHttps: "string",
serverCert: "string",
serverCertMode: "string",
smtps: {
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
expiredServerCert: "string",
invalidServerCert: "string",
ports: "string",
proxyAfterTcpHandshake: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
status: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedServerCert: "string",
},
ssh: {
inspectAll: "string",
ports: "string",
proxyAfterTcpHandshake: "string",
sshAlgorithm: "string",
sshPolicyCheck: "string",
sshTunPolicyCheck: "string",
status: "string",
unsupportedVersion: "string",
},
ssl: {
certProbeFailure: "string",
certValidationFailure: "string",
certValidationTimeout: "string",
clientCertRequest: "string",
clientCertificate: "string",
encryptedClientHello: "string",
expiredServerCert: "string",
inspectAll: "string",
invalidServerCert: "string",
minAllowedSslVersion: "string",
revokedServerCert: "string",
sniServerCertCheck: "string",
unsupportedSsl: "string",
unsupportedSslCipher: "string",
unsupportedSslNegotiation: "string",
unsupportedSslVersion: "string",
untrustedServerCert: "string",
},
sslAnomaliesLog: "string",
sslAnomalyLog: "string",
sslExemptionIpRating: "string",
sslExemptionLog: "string",
sslExemptionsLog: "string",
sslExempts: [{
address: "string",
address6: "string",
fortiguardCategory: 0,
id: 0,
regex: "string",
type: "string",
wildcardFqdn: "string",
}],
sslHandshakeLog: "string",
sslNegotiationLog: "string",
sslServerCertLog: "string",
sslServers: [{
ftpsClientCertRequest: "string",
ftpsClientCertificate: "string",
httpsClientCertRequest: "string",
httpsClientCertificate: "string",
id: 0,
imapsClientCertRequest: "string",
imapsClientCertificate: "string",
ip: "string",
pop3sClientCertRequest: "string",
pop3sClientCertificate: "string",
smtpsClientCertRequest: "string",
smtpsClientCertificate: "string",
sslOtherClientCertRequest: "string",
sslOtherClientCertificate: "string",
}],
supportedAlpn: "string",
untrustedCaname: "string",
useSslServer: "string",
vdomparam: "string",
whitelist: "string",
});
type: fortios:firewall:Sslsshprofile
properties:
allowlist: string
blockBlacklistedCertificates: string
blockBlocklistedCertificates: string
caname: string
comment: string
dot:
certValidationFailure: string
certValidationTimeout: string
clientCertificate: string
expiredServerCert: string
proxyAfterTcpHandshake: string
quic: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedServerCert: string
dynamicSortSubtable: string
echOuterSnis:
- name: string
sni: string
ftps:
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
expiredServerCert: string
invalidServerCert: string
minAllowedSslVersion: string
ports: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedServerCert: string
getAllTables: string
https:
certProbeFailure: string
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
encryptedClientHello: string
expiredServerCert: string
invalidServerCert: string
minAllowedSslVersion: string
ports: string
proxyAfterTcpHandshake: string
quic: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedServerCert: string
imaps:
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
expiredServerCert: string
invalidServerCert: string
ports: string
proxyAfterTcpHandshake: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedServerCert: string
mapiOverHttps: string
name: string
pop3s:
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
expiredServerCert: string
invalidServerCert: string
ports: string
proxyAfterTcpHandshake: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedServerCert: string
rpcOverHttps: string
serverCert: string
serverCertMode: string
smtps:
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
expiredServerCert: string
invalidServerCert: string
ports: string
proxyAfterTcpHandshake: string
revokedServerCert: string
sniServerCertCheck: string
status: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedServerCert: string
ssh:
inspectAll: string
ports: string
proxyAfterTcpHandshake: string
sshAlgorithm: string
sshPolicyCheck: string
sshTunPolicyCheck: string
status: string
unsupportedVersion: string
ssl:
certProbeFailure: string
certValidationFailure: string
certValidationTimeout: string
clientCertRequest: string
clientCertificate: string
encryptedClientHello: string
expiredServerCert: string
inspectAll: string
invalidServerCert: string
minAllowedSslVersion: string
revokedServerCert: string
sniServerCertCheck: string
unsupportedSsl: string
unsupportedSslCipher: string
unsupportedSslNegotiation: string
unsupportedSslVersion: string
untrustedServerCert: string
sslAnomaliesLog: string
sslAnomalyLog: string
sslExemptionIpRating: string
sslExemptionLog: string
sslExemptionsLog: string
sslExempts:
- address: string
address6: string
fortiguardCategory: 0
id: 0
regex: string
type: string
wildcardFqdn: string
sslHandshakeLog: string
sslNegotiationLog: string
sslServerCertLog: string
sslServers:
- ftpsClientCertRequest: string
ftpsClientCertificate: string
httpsClientCertRequest: string
httpsClientCertificate: string
id: 0
imapsClientCertRequest: string
imapsClientCertificate: string
ip: string
pop3sClientCertRequest: string
pop3sClientCertificate: string
smtpsClientCertRequest: string
smtpsClientCertificate: string
sslOtherClientCertRequest: string
sslOtherClientCertificate: string
supportedAlpn: string
untrustedCaname: string
useSslServer: string
vdomparam: string
whitelist: string
Sslsshprofile Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Sslsshprofile resource accepts the following input properties:
- Allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - Block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - Block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - Caname string
- CA certificate used by SSL Inspection.
- Comment string
- Optional comments.
- Dot
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Dot - Configure DNS over TLS options. The structure of
dotblock is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ech
Outer List<Pulumiverse.Snis Fortios. Firewall. Inputs. Sslsshprofile Ech Outer Sni> - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - Ftps
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Ftps - Configure FTPS options. The structure of
ftpsblock is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Https
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Https - Configure HTTPS options. The structure of
httpsblock is documented below. - Imaps
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Imaps - Configure IMAPS options. The structure of
imapsblock is documented below. - Mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - Name string
- Name.
- Pop3s
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Pop3s - Configure POP3S options. The structure of
pop3sblock is documented below. - Rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - Server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- Server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - Smtps
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Smtps - Configure SMTPS options. The structure of
smtpsblock is documented below. - Ssh
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Ssh - Configure SSH options. The structure of
sshblock is documented below. - Ssl
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Ssl - Configure SSL options. The structure of
sslblock is documented below. - Ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - Ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exempts List<Pulumiverse.Fortios. Firewall. Inputs. Sslsshprofile Ssl Exempt> - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - Ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - Ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - Ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - Ssl
Servers List<Pulumiverse.Fortios. Firewall. Inputs. Sslsshprofile Ssl Server> - SSL servers. The structure of
ssl_serverblock is documented below. - Supported
Alpn string - Configure ALPN option. Valid values:
http1-1,http2,all,none. - Untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- Use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
- Allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - Block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - Block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - Caname string
- CA certificate used by SSL Inspection.
- Comment string
- Optional comments.
- Dot
Sslsshprofile
Dot Args - Configure DNS over TLS options. The structure of
dotblock is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ech
Outer []SslsshprofileSnis Ech Outer Sni Args - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - Ftps
Sslsshprofile
Ftps Args - Configure FTPS options. The structure of
ftpsblock is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Https
Sslsshprofile
Https Args - Configure HTTPS options. The structure of
httpsblock is documented below. - Imaps
Sslsshprofile
Imaps Args - Configure IMAPS options. The structure of
imapsblock is documented below. - Mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - Name string
- Name.
- Pop3s
Sslsshprofile
Pop3s Args - Configure POP3S options. The structure of
pop3sblock is documented below. - Rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - Server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- Server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - Smtps
Sslsshprofile
Smtps Args - Configure SMTPS options. The structure of
smtpsblock is documented below. - Ssh
Sslsshprofile
Ssh Args - Configure SSH options. The structure of
sshblock is documented below. - Ssl
Sslsshprofile
Ssl Args - Configure SSL options. The structure of
sslblock is documented below. - Ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - Ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exempts []SslsshprofileSsl Exempt Args - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - Ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - Ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - Ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - Ssl
Servers []SslsshprofileSsl Server Args - SSL servers. The structure of
ssl_serverblock is documented below. - Supported
Alpn string - Configure ALPN option. Valid values:
http1-1,http2,all,none. - Untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- Use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
- allowlist String
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - block
Blacklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname String
- CA certificate used by SSL Inspection.
- comment String
- Optional comments.
- dot
Sslsshprofile
Dot - Configure DNS over TLS options. The structure of
dotblock is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ech
Outer List<SslsshprofileSnis Ech Outer Sni> - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - ftps
Sslsshprofile
Ftps - Configure FTPS options. The structure of
ftpsblock is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- https
Sslsshprofile
Https - Configure HTTPS options. The structure of
httpsblock is documented below. - imaps
Sslsshprofile
Imaps - Configure IMAPS options. The structure of
imapsblock is documented below. - mapi
Over StringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - name String
- Name.
- pop3s
Sslsshprofile
Pop3s - Configure POP3S options. The structure of
pop3sblock is documented below. - rpc
Over StringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - server
Cert String - Certificate used by SSL Inspection to replace server certificate.
- server
Cert StringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Sslsshprofile
Smtps - Configure SMTPS options. The structure of
smtpsblock is documented below. - ssh
Sslsshprofile
Ssh - Configure SSH options. The structure of
sshblock is documented below. - ssl
Sslsshprofile
Ssl - Configure SSL options. The structure of
sslblock is documented below. - ssl
Anomalies StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption StringIp Rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - ssl
Exemption StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts List<SslsshprofileSsl Exempt> - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - ssl
Handshake StringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation StringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server StringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers List<SslsshprofileSsl Server> - SSL servers. The structure of
ssl_serverblock is documented below. - supported
Alpn String - Configure ALPN option. Valid values:
http1-1,http2,all,none. - untrusted
Caname String - Untrusted CA certificate used by SSL Inspection.
- use
Ssl StringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- whitelist String
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
- allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname string
- CA certificate used by SSL Inspection.
- comment string
- Optional comments.
- dot
Sslsshprofile
Dot - Configure DNS over TLS options. The structure of
dotblock is documented below. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ech
Outer SslsshprofileSnis Ech Outer Sni[] - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - ftps
Sslsshprofile
Ftps - Configure FTPS options. The structure of
ftpsblock is documented below. - get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- https
Sslsshprofile
Https - Configure HTTPS options. The structure of
httpsblock is documented below. - imaps
Sslsshprofile
Imaps - Configure IMAPS options. The structure of
imapsblock is documented below. - mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - name string
- Name.
- pop3s
Sslsshprofile
Pop3s - Configure POP3S options. The structure of
pop3sblock is documented below. - rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Sslsshprofile
Smtps - Configure SMTPS options. The structure of
smtpsblock is documented below. - ssh
Sslsshprofile
Ssh - Configure SSH options. The structure of
sshblock is documented below. - ssl
Sslsshprofile
Ssl - Configure SSL options. The structure of
sslblock is documented below. - ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts SslsshprofileSsl Exempt[] - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers SslsshprofileSsl Server[] - SSL servers. The structure of
ssl_serverblock is documented below. - supported
Alpn string - Configure ALPN option. Valid values:
http1-1,http2,all,none. - untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
- allowlist str
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - block_
blacklisted_ strcertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block_
blocklisted_ strcertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname str
- CA certificate used by SSL Inspection.
- comment str
- Optional comments.
- dot
Sslsshprofile
Dot Args - Configure DNS over TLS options. The structure of
dotblock is documented below. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ech_
outer_ Sequence[Sslsshprofilesnis Ech Outer Sni Args] - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - ftps
Sslsshprofile
Ftps Args - Configure FTPS options. The structure of
ftpsblock is documented below. - get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- https
Sslsshprofile
Https Args - Configure HTTPS options. The structure of
httpsblock is documented below. - imaps
Sslsshprofile
Imaps Args - Configure IMAPS options. The structure of
imapsblock is documented below. - mapi_
over_ strhttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - name str
- Name.
- pop3s
Sslsshprofile
Pop3s Args - Configure POP3S options. The structure of
pop3sblock is documented below. - rpc_
over_ strhttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - server_
cert str - Certificate used by SSL Inspection to replace server certificate.
- server_
cert_ strmode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Sslsshprofile
Smtps Args - Configure SMTPS options. The structure of
smtpsblock is documented below. - ssh
Sslsshprofile
Ssh Args - Configure SSH options. The structure of
sshblock is documented below. - ssl
Sslsshprofile
Ssl Args - Configure SSL options. The structure of
sslblock is documented below. - ssl_
anomalies_ strlog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl_
anomaly_ strlog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl_
exemption_ strip_ rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - ssl_
exemption_ strlog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl_
exemptions_ strlog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl_
exempts Sequence[SslsshprofileSsl Exempt Args] - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - ssl_
handshake_ strlog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl_
negotiation_ strlog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl_
server_ strcert_ log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl_
servers Sequence[SslsshprofileSsl Server Args] - SSL servers. The structure of
ssl_serverblock is documented below. - supported_
alpn str - Configure ALPN option. Valid values:
http1-1,http2,all,none. - untrusted_
caname str - Untrusted CA certificate used by SSL Inspection.
- use_
ssl_ strserver - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- whitelist str
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
- allowlist String
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - block
Blacklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname String
- CA certificate used by SSL Inspection.
- comment String
- Optional comments.
- dot Property Map
- Configure DNS over TLS options. The structure of
dotblock is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ech
Outer List<Property Map>Snis - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - ftps Property Map
- Configure FTPS options. The structure of
ftpsblock is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- https Property Map
- Configure HTTPS options. The structure of
httpsblock is documented below. - imaps Property Map
- Configure IMAPS options. The structure of
imapsblock is documented below. - mapi
Over StringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - name String
- Name.
- pop3s Property Map
- Configure POP3S options. The structure of
pop3sblock is documented below. - rpc
Over StringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - server
Cert String - Certificate used by SSL Inspection to replace server certificate.
- server
Cert StringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps Property Map
- Configure SMTPS options. The structure of
smtpsblock is documented below. - ssh Property Map
- Configure SSH options. The structure of
sshblock is documented below. - ssl Property Map
- Configure SSL options. The structure of
sslblock is documented below. - ssl
Anomalies StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption StringIp Rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - ssl
Exemption StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts List<Property Map> - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - ssl
Handshake StringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation StringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server StringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers List<Property Map> - SSL servers. The structure of
ssl_serverblock is documented below. - supported
Alpn String - Configure ALPN option. Valid values:
http1-1,http2,all,none. - untrusted
Caname String - Untrusted CA certificate used by SSL Inspection.
- use
Ssl StringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- whitelist String
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
Outputs
All input properties are implicitly available as output properties. Additionally, the Sslsshprofile resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Sslsshprofile Resource
Get an existing Sslsshprofile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SslsshprofileState, opts?: CustomResourceOptions): Sslsshprofile@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowlist: Optional[str] = None,
block_blacklisted_certificates: Optional[str] = None,
block_blocklisted_certificates: Optional[str] = None,
caname: Optional[str] = None,
comment: Optional[str] = None,
dot: Optional[SslsshprofileDotArgs] = None,
dynamic_sort_subtable: Optional[str] = None,
ech_outer_snis: Optional[Sequence[SslsshprofileEchOuterSniArgs]] = None,
ftps: Optional[SslsshprofileFtpsArgs] = None,
get_all_tables: Optional[str] = None,
https: Optional[SslsshprofileHttpsArgs] = None,
imaps: Optional[SslsshprofileImapsArgs] = None,
mapi_over_https: Optional[str] = None,
name: Optional[str] = None,
pop3s: Optional[SslsshprofilePop3sArgs] = None,
rpc_over_https: Optional[str] = None,
server_cert: Optional[str] = None,
server_cert_mode: Optional[str] = None,
smtps: Optional[SslsshprofileSmtpsArgs] = None,
ssh: Optional[SslsshprofileSshArgs] = None,
ssl: Optional[SslsshprofileSslArgs] = None,
ssl_anomalies_log: Optional[str] = None,
ssl_anomaly_log: Optional[str] = None,
ssl_exemption_ip_rating: Optional[str] = None,
ssl_exemption_log: Optional[str] = None,
ssl_exemptions_log: Optional[str] = None,
ssl_exempts: Optional[Sequence[SslsshprofileSslExemptArgs]] = None,
ssl_handshake_log: Optional[str] = None,
ssl_negotiation_log: Optional[str] = None,
ssl_server_cert_log: Optional[str] = None,
ssl_servers: Optional[Sequence[SslsshprofileSslServerArgs]] = None,
supported_alpn: Optional[str] = None,
untrusted_caname: Optional[str] = None,
use_ssl_server: Optional[str] = None,
vdomparam: Optional[str] = None,
whitelist: Optional[str] = None) -> Sslsshprofilefunc GetSslsshprofile(ctx *Context, name string, id IDInput, state *SslsshprofileState, opts ...ResourceOption) (*Sslsshprofile, error)public static Sslsshprofile Get(string name, Input<string> id, SslsshprofileState? state, CustomResourceOptions? opts = null)public static Sslsshprofile get(String name, Output<String> id, SslsshprofileState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - Block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - Block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - Caname string
- CA certificate used by SSL Inspection.
- Comment string
- Optional comments.
- Dot
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Dot - Configure DNS over TLS options. The structure of
dotblock is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ech
Outer List<Pulumiverse.Snis Fortios. Firewall. Inputs. Sslsshprofile Ech Outer Sni> - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - Ftps
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Ftps - Configure FTPS options. The structure of
ftpsblock is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Https
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Https - Configure HTTPS options. The structure of
httpsblock is documented below. - Imaps
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Imaps - Configure IMAPS options. The structure of
imapsblock is documented below. - Mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - Name string
- Name.
- Pop3s
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Pop3s - Configure POP3S options. The structure of
pop3sblock is documented below. - Rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - Server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- Server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - Smtps
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Smtps - Configure SMTPS options. The structure of
smtpsblock is documented below. - Ssh
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Ssh - Configure SSH options. The structure of
sshblock is documented below. - Ssl
Pulumiverse.
Fortios. Firewall. Inputs. Sslsshprofile Ssl - Configure SSL options. The structure of
sslblock is documented below. - Ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - Ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exempts List<Pulumiverse.Fortios. Firewall. Inputs. Sslsshprofile Ssl Exempt> - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - Ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - Ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - Ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - Ssl
Servers List<Pulumiverse.Fortios. Firewall. Inputs. Sslsshprofile Ssl Server> - SSL servers. The structure of
ssl_serverblock is documented below. - Supported
Alpn string - Configure ALPN option. Valid values:
http1-1,http2,all,none. - Untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- Use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
- Allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - Block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - Block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - Caname string
- CA certificate used by SSL Inspection.
- Comment string
- Optional comments.
- Dot
Sslsshprofile
Dot Args - Configure DNS over TLS options. The structure of
dotblock is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ech
Outer []SslsshprofileSnis Ech Outer Sni Args - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - Ftps
Sslsshprofile
Ftps Args - Configure FTPS options. The structure of
ftpsblock is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Https
Sslsshprofile
Https Args - Configure HTTPS options. The structure of
httpsblock is documented below. - Imaps
Sslsshprofile
Imaps Args - Configure IMAPS options. The structure of
imapsblock is documented below. - Mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - Name string
- Name.
- Pop3s
Sslsshprofile
Pop3s Args - Configure POP3S options. The structure of
pop3sblock is documented below. - Rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - Server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- Server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - Smtps
Sslsshprofile
Smtps Args - Configure SMTPS options. The structure of
smtpsblock is documented below. - Ssh
Sslsshprofile
Ssh Args - Configure SSH options. The structure of
sshblock is documented below. - Ssl
Sslsshprofile
Ssl Args - Configure SSL options. The structure of
sslblock is documented below. - Ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - Ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - Ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - Ssl
Exempts []SslsshprofileSsl Exempt Args - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - Ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - Ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - Ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - Ssl
Servers []SslsshprofileSsl Server Args - SSL servers. The structure of
ssl_serverblock is documented below. - Supported
Alpn string - Configure ALPN option. Valid values:
http1-1,http2,all,none. - Untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- Use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
- allowlist String
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - block
Blacklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname String
- CA certificate used by SSL Inspection.
- comment String
- Optional comments.
- dot
Sslsshprofile
Dot - Configure DNS over TLS options. The structure of
dotblock is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ech
Outer List<SslsshprofileSnis Ech Outer Sni> - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - ftps
Sslsshprofile
Ftps - Configure FTPS options. The structure of
ftpsblock is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- https
Sslsshprofile
Https - Configure HTTPS options. The structure of
httpsblock is documented below. - imaps
Sslsshprofile
Imaps - Configure IMAPS options. The structure of
imapsblock is documented below. - mapi
Over StringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - name String
- Name.
- pop3s
Sslsshprofile
Pop3s - Configure POP3S options. The structure of
pop3sblock is documented below. - rpc
Over StringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - server
Cert String - Certificate used by SSL Inspection to replace server certificate.
- server
Cert StringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Sslsshprofile
Smtps - Configure SMTPS options. The structure of
smtpsblock is documented below. - ssh
Sslsshprofile
Ssh - Configure SSH options. The structure of
sshblock is documented below. - ssl
Sslsshprofile
Ssl - Configure SSL options. The structure of
sslblock is documented below. - ssl
Anomalies StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption StringIp Rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - ssl
Exemption StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts List<SslsshprofileSsl Exempt> - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - ssl
Handshake StringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation StringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server StringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers List<SslsshprofileSsl Server> - SSL servers. The structure of
ssl_serverblock is documented below. - supported
Alpn String - Configure ALPN option. Valid values:
http1-1,http2,all,none. - untrusted
Caname String - Untrusted CA certificate used by SSL Inspection.
- use
Ssl StringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- whitelist String
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
- allowlist string
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - block
Blacklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted stringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname string
- CA certificate used by SSL Inspection.
- comment string
- Optional comments.
- dot
Sslsshprofile
Dot - Configure DNS over TLS options. The structure of
dotblock is documented below. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ech
Outer SslsshprofileSnis Ech Outer Sni[] - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - ftps
Sslsshprofile
Ftps - Configure FTPS options. The structure of
ftpsblock is documented below. - get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- https
Sslsshprofile
Https - Configure HTTPS options. The structure of
httpsblock is documented below. - imaps
Sslsshprofile
Imaps - Configure IMAPS options. The structure of
imapsblock is documented below. - mapi
Over stringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - name string
- Name.
- pop3s
Sslsshprofile
Pop3s - Configure POP3S options. The structure of
pop3sblock is documented below. - rpc
Over stringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - server
Cert string - Certificate used by SSL Inspection to replace server certificate.
- server
Cert stringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Sslsshprofile
Smtps - Configure SMTPS options. The structure of
smtpsblock is documented below. - ssh
Sslsshprofile
Ssh - Configure SSH options. The structure of
sshblock is documented below. - ssl
Sslsshprofile
Ssl - Configure SSL options. The structure of
sslblock is documented below. - ssl
Anomalies stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly stringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption stringIp Rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - ssl
Exemption stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions stringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts SslsshprofileSsl Exempt[] - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - ssl
Handshake stringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation stringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server stringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers SslsshprofileSsl Server[] - SSL servers. The structure of
ssl_serverblock is documented below. - supported
Alpn string - Configure ALPN option. Valid values:
http1-1,http2,all,none. - untrusted
Caname string - Untrusted CA certificate used by SSL Inspection.
- use
Ssl stringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- whitelist string
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
- allowlist str
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - block_
blacklisted_ strcertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block_
blocklisted_ strcertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname str
- CA certificate used by SSL Inspection.
- comment str
- Optional comments.
- dot
Sslsshprofile
Dot Args - Configure DNS over TLS options. The structure of
dotblock is documented below. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ech_
outer_ Sequence[Sslsshprofilesnis Ech Outer Sni Args] - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - ftps
Sslsshprofile
Ftps Args - Configure FTPS options. The structure of
ftpsblock is documented below. - get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- https
Sslsshprofile
Https Args - Configure HTTPS options. The structure of
httpsblock is documented below. - imaps
Sslsshprofile
Imaps Args - Configure IMAPS options. The structure of
imapsblock is documented below. - mapi_
over_ strhttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - name str
- Name.
- pop3s
Sslsshprofile
Pop3s Args - Configure POP3S options. The structure of
pop3sblock is documented below. - rpc_
over_ strhttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - server_
cert str - Certificate used by SSL Inspection to replace server certificate.
- server_
cert_ strmode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps
Sslsshprofile
Smtps Args - Configure SMTPS options. The structure of
smtpsblock is documented below. - ssh
Sslsshprofile
Ssh Args - Configure SSH options. The structure of
sshblock is documented below. - ssl
Sslsshprofile
Ssl Args - Configure SSL options. The structure of
sslblock is documented below. - ssl_
anomalies_ strlog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl_
anomaly_ strlog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl_
exemption_ strip_ rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - ssl_
exemption_ strlog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl_
exemptions_ strlog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl_
exempts Sequence[SslsshprofileSsl Exempt Args] - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - ssl_
handshake_ strlog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl_
negotiation_ strlog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl_
server_ strcert_ log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl_
servers Sequence[SslsshprofileSsl Server Args] - SSL servers. The structure of
ssl_serverblock is documented below. - supported_
alpn str - Configure ALPN option. Valid values:
http1-1,http2,all,none. - untrusted_
caname str - Untrusted CA certificate used by SSL Inspection.
- use_
ssl_ strserver - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- whitelist str
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
- allowlist String
- Enable/disable exempting servers by FortiGuard allowlist. Valid values:
enable,disable. - block
Blacklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values:
disable,enable. - block
Blocklisted StringCertificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values:
disable,enable. - caname String
- CA certificate used by SSL Inspection.
- comment String
- Optional comments.
- dot Property Map
- Configure DNS over TLS options. The structure of
dotblock is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ech
Outer List<Property Map>Snis - ClientHelloOuter SNIs to be blocked. The structure of
ech_outer_sniblock is documented below. - ftps Property Map
- Configure FTPS options. The structure of
ftpsblock is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- https Property Map
- Configure HTTPS options. The structure of
httpsblock is documented below. - imaps Property Map
- Configure IMAPS options. The structure of
imapsblock is documented below. - mapi
Over StringHttps - Enable/disable inspection of MAPI over HTTPS. Valid values:
enable,disable. - name String
- Name.
- pop3s Property Map
- Configure POP3S options. The structure of
pop3sblock is documented below. - rpc
Over StringHttps - Enable/disable inspection of RPC over HTTPS. Valid values:
enable,disable. - server
Cert String - Certificate used by SSL Inspection to replace server certificate.
- server
Cert StringMode - Re-sign or replace the server's certificate. Valid values:
re-sign,replace. - smtps Property Map
- Configure SMTPS options. The structure of
smtpsblock is documented below. - ssh Property Map
- Configure SSH options. The structure of
sshblock is documented below. - ssl Property Map
- Configure SSL options. The structure of
sslblock is documented below. - ssl
Anomalies StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Anomaly StringLog - Enable/disable logging SSL anomalies. Valid values:
disable,enable. - ssl
Exemption StringIp Rating - Enable/disable IP based URL rating. Valid values:
enable,disable. - ssl
Exemption StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exemptions StringLog - Enable/disable logging SSL exemptions. Valid values:
disable,enable. - ssl
Exempts List<Property Map> - Servers to exempt from SSL inspection. The structure of
ssl_exemptblock is documented below. - ssl
Handshake StringLog - Enable/disable logging of TLS handshakes. Valid values:
disable,enable. - ssl
Negotiation StringLog - Enable/disable logging SSL negotiation. Valid values:
disable,enable. - ssl
Server StringCert Log - Enable/disable logging of server certificate information. Valid values:
disable,enable. - ssl
Servers List<Property Map> - SSL servers. The structure of
ssl_serverblock is documented below. - supported
Alpn String - Configure ALPN option. Valid values:
http1-1,http2,all,none. - untrusted
Caname String - Untrusted CA certificate used by SSL Inspection.
- use
Ssl StringServer - Enable/disable the use of SSL server table for SSL offloading. Valid values:
disable,enable. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- whitelist String
- Enable/disable exempting servers by FortiGuard whitelist. Valid values:
enable,disable.
Supporting Types
SslsshprofileDot, SslsshprofileDotArgs
- Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - Quic string
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - Quic string
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - quic String
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - quic string
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server stringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - proxy_
after_ strtcp_ handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - quic str
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status str
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported.
- untrusted_
server_ strcert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
- cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - quic String
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Action based on server certificate is not issued by a trusted CA. Valid values:
allow,block,ignore.
SslsshprofileEchOuterSni, SslsshprofileEchOuterSniArgs
SslsshprofileFtps, SslsshprofileFtpsArgs
- Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports string
- Ports to use for scanning (1 - 65535, default = 443).
- Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports string
- Ports to use for scanning (1 - 65535, default = 443).
- Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports String
- Ports to use for scanning (1 - 65535, default = 443).
- revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports string
- Ports to use for scanning (1 - 65535, default = 443).
- revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
cert_ strrequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid_
server_ strcert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min_
allowed_ strssl_ version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports str
- Ports to use for scanning (1 - 65535, default = 443).
- revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status str
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported_
ssl str - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported.
- untrusted_
server_ strcert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports String
- Ports to use for scanning (1 - 65535, default = 443).
- revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
SslsshprofileHttps, SslsshprofileHttpsArgs
- Cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
allow,block. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports string
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - Quic string
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- Cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
allow,block. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ports string
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - Quic string
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Probe StringFailure - Action based on certificate probe failure. Valid values:
allow,block. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client StringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports String
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - quic String
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
allow,block. - cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports string
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - quic string
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status string
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert_
probe_ strfailure - Action based on certificate probe failure. Valid values:
allow,block. - cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
cert_ strrequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted_
client_ strhello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid_
server_ strcert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min_
allowed_ strssl_ version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports str
- Ports to use for scanning (1 - 65535, default = 443).
- proxy_
after_ strtcp_ handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - quic str
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status str
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - unsupported_
ssl str - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported.
- untrusted_
server_ strcert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Probe StringFailure - Action based on certificate probe failure. Valid values:
allow,block. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client StringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ports String
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - quic String
- QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
- revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,certificate-inspection,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
SslsshprofileImaps, SslsshprofileImapsArgs
- Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Ports string
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Ports string
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - ports String
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - ports string
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
cert_ strrequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid_
server_ strcert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - ports str
- Ports to use for scanning (1 - 65535, default = 443).
- proxy_
after_ strtcp_ handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status str
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported_
ssl str - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported.
- untrusted_
server_ strcert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - ports String
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
SslsshprofilePop3s, SslsshprofilePop3sArgs
- Cert
Validation stringFailure - Cert
Validation stringTimeout - Client
Cert stringRequest - Client
Certificate string - Expired
Server stringCert - Invalid
Server stringCert - Ports string
- Proxy
After stringTcp Handshake - Revoked
Server stringCert - Sni
Server stringCert Check - Status string
- Unsupported
Ssl string - Unsupported
Ssl stringCipher - Unsupported
Ssl stringNegotiation - Unsupported
Ssl stringVersion - Untrusted
Server stringCert
- Cert
Validation stringFailure - Cert
Validation stringTimeout - Client
Cert stringRequest - Client
Certificate string - Expired
Server stringCert - Invalid
Server stringCert - Ports string
- Proxy
After stringTcp Handshake - Revoked
Server stringCert - Sni
Server stringCert Check - Status string
- Unsupported
Ssl string - Unsupported
Ssl stringCipher - Unsupported
Ssl stringNegotiation - Unsupported
Ssl stringVersion - Untrusted
Server stringCert
- cert
Validation StringFailure - cert
Validation StringTimeout - client
Cert StringRequest - client
Certificate String - expired
Server StringCert - invalid
Server StringCert - ports String
- proxy
After StringTcp Handshake - revoked
Server StringCert - sni
Server StringCert Check - status String
- unsupported
Ssl String - unsupported
Ssl StringCipher - unsupported
Ssl StringNegotiation - unsupported
Ssl StringVersion - untrusted
Server StringCert
- cert
Validation stringFailure - cert
Validation stringTimeout - client
Cert stringRequest - client
Certificate string - expired
Server stringCert - invalid
Server stringCert - ports string
- proxy
After stringTcp Handshake - revoked
Server stringCert - sni
Server stringCert Check - status string
- unsupported
Ssl string - unsupported
Ssl stringCipher - unsupported
Ssl stringNegotiation - unsupported
Ssl stringVersion - untrusted
Server stringCert
- cert_
validation_ strfailure - cert_
validation_ strtimeout - client_
cert_ strrequest - client_
certificate str - expired_
server_ strcert - invalid_
server_ strcert - ports str
- proxy_
after_ strtcp_ handshake - revoked_
server_ strcert - sni_
server_ strcert_ check - status str
- unsupported_
ssl str - unsupported_
ssl_ strcipher - unsupported_
ssl_ strnegotiation - unsupported_
ssl_ strversion - untrusted_
server_ strcert
- cert
Validation StringFailure - cert
Validation StringTimeout - client
Cert StringRequest - client
Certificate String - expired
Server StringCert - invalid
Server StringCert - ports String
- proxy
After StringTcp Handshake - revoked
Server StringCert - sni
Server StringCert Check - status String
- unsupported
Ssl String - unsupported
Ssl StringCipher - unsupported
Ssl StringNegotiation - unsupported
Ssl StringVersion - untrusted
Server StringCert
SslsshprofileSmtps, SslsshprofileSmtpsArgs
- Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Ports string
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Ports string
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - ports String
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - ports string
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
cert_ strrequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid_
server_ strcert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - ports str
- Ports to use for scanning (1 - 65535, default = 443).
- proxy_
after_ strtcp_ handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status str
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported_
ssl str - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported.
- untrusted_
server_ strcert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - ports String
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
SslsshprofileSsh, SslsshprofileSshArgs
- Inspect
All string - Level of SSL inspection. Valid values:
disable,deep-inspection. - Ports string
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - Ssh
Algorithm string - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - Ssh
Policy stringCheck - Enable/disable SSH policy check. Valid values:
disable,enable. - Ssh
Tun stringPolicy Check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Version string - Action based on SSH version being unsupported. Valid values:
bypass,block.
- Inspect
All string - Level of SSL inspection. Valid values:
disable,deep-inspection. - Ports string
- Ports to use for scanning (1 - 65535, default = 443).
- Proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - Ssh
Algorithm string - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - Ssh
Policy stringCheck - Enable/disable SSH policy check. Valid values:
disable,enable. - Ssh
Tun stringPolicy Check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - Status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - Unsupported
Version string - Action based on SSH version being unsupported. Valid values:
bypass,block.
- inspect
All String - Level of SSL inspection. Valid values:
disable,deep-inspection. - ports String
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - ssh
Algorithm String - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - ssh
Policy StringCheck - Enable/disable SSH policy check. Valid values:
disable,enable. - ssh
Tun StringPolicy Check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Version String - Action based on SSH version being unsupported. Valid values:
bypass,block.
- inspect
All string - Level of SSL inspection. Valid values:
disable,deep-inspection. - ports string
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After stringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - ssh
Algorithm string - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - ssh
Policy stringCheck - Enable/disable SSH policy check. Valid values:
disable,enable. - ssh
Tun stringPolicy Check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - status string
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Version string - Action based on SSH version being unsupported. Valid values:
bypass,block.
- inspect_
all str - Level of SSL inspection. Valid values:
disable,deep-inspection. - ports str
- Ports to use for scanning (1 - 65535, default = 443).
- proxy_
after_ strtcp_ handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - ssh_
algorithm str - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - ssh_
policy_ strcheck - Enable/disable SSH policy check. Valid values:
disable,enable. - ssh_
tun_ strpolicy_ check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - status str
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported_
version str - Action based on SSH version being unsupported. Valid values:
bypass,block.
- inspect
All String - Level of SSL inspection. Valid values:
disable,deep-inspection. - ports String
- Ports to use for scanning (1 - 65535, default = 443).
- proxy
After StringTcp Handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values:
enable,disable. - ssh
Algorithm String - Relative strength of encryption algorithms accepted during negotiation. Valid values:
compatible,high-encryption. - ssh
Policy StringCheck - Enable/disable SSH policy check. Valid values:
disable,enable. - ssh
Tun StringPolicy Check - Enable/disable SSH tunnel policy check. Valid values:
disable,enable. - status String
- Configure protocol inspection status. Valid values:
disable,deep-inspection. - unsupported
Version String - Action based on SSH version being unsupported. Valid values:
bypass,block.
SslsshprofileSsl, SslsshprofileSslArgs
- Cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
allow,block. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Inspect
All string - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- Cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
allow,block. - Cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - Cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - Client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - Client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - Encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - Expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - Inspect
All string - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - Invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - Min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - Sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - Unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - Unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - Unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- Untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Probe StringFailure - Action based on certificate probe failure. Valid values:
allow,block. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client StringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - inspect
All String - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Probe stringFailure - Action based on certificate probe failure. Valid values:
allow,block. - cert
Validation stringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation stringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert stringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate string - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client stringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - expired
Server stringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - inspect
All string - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - invalid
Server stringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed stringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - revoked
Server stringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server stringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - unsupported
Ssl string - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl stringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl stringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server stringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert_
probe_ strfailure - Action based on certificate probe failure. Valid values:
allow,block. - cert_
validation_ strfailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert_
validation_ strtimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client_
cert_ strrequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client_
certificate str - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted_
client_ strhello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - expired_
server_ strcert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - inspect_
all str - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - invalid_
server_ strcert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min_
allowed_ strssl_ version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - revoked_
server_ strcert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni_
server_ strcert_ check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - unsupported_
ssl str - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported_
ssl_ strcipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strnegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported_
ssl_ strversion - Action based on the SSL version used being unsupported.
- untrusted_
server_ strcert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
- cert
Probe StringFailure - Action based on certificate probe failure. Valid values:
allow,block. - cert
Validation StringFailure - Action based on certificate validation failure. Valid values:
allow,block,ignore. - cert
Validation StringTimeout - Action based on certificate validation timeout. Valid values:
allow,block,ignore. - client
Cert StringRequest - Action based on client certificate request. Valid values:
bypass,inspect,block. - client
Certificate String - Action based on received client certificate. Valid values:
bypass,inspect,block. - encrypted
Client StringHello - Block/allow session based on existence of encrypted-client-hello. Valid values:
allow,block. - expired
Server StringCert - Action based on server certificate is expired. Valid values:
allow,block,ignore. - inspect
All String - Level of SSL inspection. Valid values:
disable,certificate-inspection,deep-inspection. - invalid
Server StringCert - Allow or block the invalid SSL session server certificate. Valid values:
allow,block. - min
Allowed StringSsl Version - Minimum SSL version to be allowed. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - revoked
Server StringCert - Action based on server certificate is revoked. Valid values:
allow,block,ignore. - sni
Server StringCert Check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values:
enable,strict,disable. - unsupported
Ssl String - Action based on the SSL encryption used being unsupported. Valid values:
bypass,inspect,block. - unsupported
Ssl StringCipher - Action based on the SSL cipher used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringNegotiation - Action based on the SSL negotiation used being unsupported. Valid values:
allow,block. - unsupported
Ssl StringVersion - Action based on the SSL version used being unsupported.
- untrusted
Server StringCert - Allow, ignore, or block the untrusted SSL session server certificate. Valid values:
allow,block,ignore.
SslsshprofileSslExempt, SslsshprofileSslExemptArgs
- Address string
- IPv4 address object.
- Address6 string
- IPv6 address object.
- Fortiguard
Category int - FortiGuard category ID.
- Id int
- ID number.
- Regex string
- Exempt servers by regular expression.
- Type string
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - Wildcard
Fqdn string - Exempt servers by wildcard FQDN.
- Address string
- IPv4 address object.
- Address6 string
- IPv6 address object.
- Fortiguard
Category int - FortiGuard category ID.
- Id int
- ID number.
- Regex string
- Exempt servers by regular expression.
- Type string
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - Wildcard
Fqdn string - Exempt servers by wildcard FQDN.
- address String
- IPv4 address object.
- address6 String
- IPv6 address object.
- fortiguard
Category Integer - FortiGuard category ID.
- id Integer
- ID number.
- regex String
- Exempt servers by regular expression.
- type String
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - wildcard
Fqdn String - Exempt servers by wildcard FQDN.
- address string
- IPv4 address object.
- address6 string
- IPv6 address object.
- fortiguard
Category number - FortiGuard category ID.
- id number
- ID number.
- regex string
- Exempt servers by regular expression.
- type string
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - wildcard
Fqdn string - Exempt servers by wildcard FQDN.
- address str
- IPv4 address object.
- address6 str
- IPv6 address object.
- fortiguard_
category int - FortiGuard category ID.
- id int
- ID number.
- regex str
- Exempt servers by regular expression.
- type str
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - wildcard_
fqdn str - Exempt servers by wildcard FQDN.
- address String
- IPv4 address object.
- address6 String
- IPv6 address object.
- fortiguard
Category Number - FortiGuard category ID.
- id Number
- ID number.
- regex String
- Exempt servers by regular expression.
- type String
- Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values:
fortiguard-category,address,address6,wildcard-fqdn,regex. - wildcard
Fqdn String - Exempt servers by wildcard FQDN.
SslsshprofileSslServer, SslsshprofileSslServerArgs
- Ftps
Client stringCert Request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - Ftps
Client stringCertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - Https
Client stringCert Request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - Https
Client stringCertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - Id int
- SSL server ID.
- Imaps
Client stringCert Request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - Imaps
Client stringCertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - Ip string
- IPv4 address of the SSL server.
- Pop3s
Client stringCert Request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - Pop3s
Client stringCertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - Smtps
Client stringCert Request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - Smtps
Client stringCertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - Ssl
Other stringClient Cert Request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - Ssl
Other stringClient Certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
- Ftps
Client stringCert Request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - Ftps
Client stringCertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - Https
Client stringCert Request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - Https
Client stringCertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - Id int
- SSL server ID.
- Imaps
Client stringCert Request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - Imaps
Client stringCertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - Ip string
- IPv4 address of the SSL server.
- Pop3s
Client stringCert Request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - Pop3s
Client stringCertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - Smtps
Client stringCert Request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - Smtps
Client stringCertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - Ssl
Other stringClient Cert Request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - Ssl
Other stringClient Certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
- ftps
Client StringCert Request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - ftps
Client StringCertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - https
Client StringCert Request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - https
Client StringCertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - id Integer
- SSL server ID.
- imaps
Client StringCert Request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - imaps
Client StringCertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - ip String
- IPv4 address of the SSL server.
- pop3s
Client StringCert Request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - pop3s
Client StringCertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - smtps
Client StringCert Request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - smtps
Client StringCertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - ssl
Other StringClient Cert Request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - ssl
Other StringClient Certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
- ftps
Client stringCert Request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - ftps
Client stringCertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - https
Client stringCert Request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - https
Client stringCertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - id number
- SSL server ID.
- imaps
Client stringCert Request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - imaps
Client stringCertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - ip string
- IPv4 address of the SSL server.
- pop3s
Client stringCert Request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - pop3s
Client stringCertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - smtps
Client stringCert Request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - smtps
Client stringCertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - ssl
Other stringClient Cert Request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - ssl
Other stringClient Certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
- ftps_
client_ strcert_ request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - ftps_
client_ strcertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - https_
client_ strcert_ request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - https_
client_ strcertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - id int
- SSL server ID.
- imaps_
client_ strcert_ request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - imaps_
client_ strcertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - ip str
- IPv4 address of the SSL server.
- pop3s_
client_ strcert_ request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - pop3s_
client_ strcertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - smtps_
client_ strcert_ request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - smtps_
client_ strcertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - ssl_
other_ strclient_ cert_ request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - ssl_
other_ strclient_ certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
- ftps
Client StringCert Request - Action based on client certificate request during the FTPS handshake. Valid values:
bypass,inspect,block. - ftps
Client StringCertificate - Action based on received client certificate during the FTPS handshake. Valid values:
bypass,inspect,block. - https
Client StringCert Request - Action based on client certificate request during the HTTPS handshake. Valid values:
bypass,inspect,block. - https
Client StringCertificate - Action based on received client certificate during the HTTPS handshake. Valid values:
bypass,inspect,block. - id Number
- SSL server ID.
- imaps
Client StringCert Request - Action based on client certificate request during the IMAPS handshake. Valid values:
bypass,inspect,block. - imaps
Client StringCertificate - Action based on received client certificate during the IMAPS handshake. Valid values:
bypass,inspect,block. - ip String
- IPv4 address of the SSL server.
- pop3s
Client StringCert Request - Action based on client certificate request during the POP3S handshake. Valid values:
bypass,inspect,block. - pop3s
Client StringCertificate - Action based on received client certificate during the POP3S handshake. Valid values:
bypass,inspect,block. - smtps
Client StringCert Request - Action based on client certificate request during the SMTPS handshake. Valid values:
bypass,inspect,block. - smtps
Client StringCertificate - Action based on received client certificate during the SMTPS handshake. Valid values:
bypass,inspect,block. - ssl
Other StringClient Cert Request - Action based on client certificate request during an SSL protocol handshake. Valid values:
bypass,inspect,block. - ssl
Other StringClient Certificate - Action based on received client certificate during an SSL protocol handshake. Valid values:
bypass,inspect,block.
Import
Firewall SslSshProfile can be imported using any of these accepted formats:
$ pulumi import fortios:firewall/sslsshprofile:Sslsshprofile labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:firewall/sslsshprofile:Sslsshprofile labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortiosTerraform Provider.