Viewing docs for panos 2.0.12
published on Wednesday, Jun 17, 2026 by paloaltonetworks
published on Wednesday, Jun 17, 2026 by paloaltonetworks
Viewing docs for panos 2.0.12
published on Wednesday, Jun 17, 2026 by paloaltonetworks
published on Wednesday, Jun 17, 2026 by paloaltonetworks
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as panos from "@pulumi/panos";
const example = new panos.DecryptionProfile("example", {
location: {
shared: {},
},
name: "my-decryption-profile",
sslForwardProxy: {
blockExpiredCertificate: true,
blockUntrustedIssuer: true,
blockUnknownCert: true,
blockUnsupportedVersion: true,
blockUnsupportedCipher: true,
restrictCertExts: true,
},
sslProtocolSettings: {
minVersion: "tls1-2",
maxVersion: "max",
keyxchgAlgoRsa: true,
keyxchgAlgoEcdhe: true,
encAlgoAes128Gcm: true,
encAlgoAes256Gcm: true,
authAlgoSha256: true,
authAlgoSha384: true,
},
});
import pulumi
import pulumi_panos as panos
example = panos.DecryptionProfile("example",
location={
"shared": {},
},
name="my-decryption-profile",
ssl_forward_proxy={
"block_expired_certificate": True,
"block_untrusted_issuer": True,
"block_unknown_cert": True,
"block_unsupported_version": True,
"block_unsupported_cipher": True,
"restrict_cert_exts": True,
},
ssl_protocol_settings={
"min_version": "tls1-2",
"max_version": "max",
"keyxchg_algo_rsa": True,
"keyxchg_algo_ecdhe": True,
"enc_algo_aes128_gcm": True,
"enc_algo_aes256_gcm": True,
"auth_algo_sha256": True,
"auth_algo_sha384": True,
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/panos/v2/panos"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := panos.NewDecryptionProfile(ctx, "example", &panos.DecryptionProfileArgs{
Location: &panos.DecryptionProfileLocationArgs{
Shared: &panos.DecryptionProfileLocationSharedArgs{},
},
Name: pulumi.String("my-decryption-profile"),
SslForwardProxy: &panos.DecryptionProfileSslForwardProxyArgs{
BlockExpiredCertificate: pulumi.Bool(true),
BlockUntrustedIssuer: pulumi.Bool(true),
BlockUnknownCert: pulumi.Bool(true),
BlockUnsupportedVersion: pulumi.Bool(true),
BlockUnsupportedCipher: pulumi.Bool(true),
RestrictCertExts: pulumi.Bool(true),
},
SslProtocolSettings: &panos.DecryptionProfileSslProtocolSettingsArgs{
MinVersion: pulumi.String("tls1-2"),
MaxVersion: pulumi.String("max"),
KeyxchgAlgoRsa: pulumi.Bool(true),
KeyxchgAlgoEcdhe: pulumi.Bool(true),
EncAlgoAes128Gcm: pulumi.Bool(true),
EncAlgoAes256Gcm: pulumi.Bool(true),
AuthAlgoSha256: pulumi.Bool(true),
AuthAlgoSha384: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Panos = Pulumi.Panos;
return await Deployment.RunAsync(() =>
{
var example = new Panos.DecryptionProfile("example", new()
{
Location = new Panos.Inputs.DecryptionProfileLocationArgs
{
Shared = null,
},
Name = "my-decryption-profile",
SslForwardProxy = new Panos.Inputs.DecryptionProfileSslForwardProxyArgs
{
BlockExpiredCertificate = true,
BlockUntrustedIssuer = true,
BlockUnknownCert = true,
BlockUnsupportedVersion = true,
BlockUnsupportedCipher = true,
RestrictCertExts = true,
},
SslProtocolSettings = new Panos.Inputs.DecryptionProfileSslProtocolSettingsArgs
{
MinVersion = "tls1-2",
MaxVersion = "max",
KeyxchgAlgoRsa = true,
KeyxchgAlgoEcdhe = true,
EncAlgoAes128Gcm = true,
EncAlgoAes256Gcm = true,
AuthAlgoSha256 = true,
AuthAlgoSha384 = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.panos.DecryptionProfile;
import com.pulumi.panos.DecryptionProfileArgs;
import com.pulumi.panos.inputs.DecryptionProfileLocationArgs;
import com.pulumi.panos.inputs.DecryptionProfileLocationSharedArgs;
import com.pulumi.panos.inputs.DecryptionProfileSslForwardProxyArgs;
import com.pulumi.panos.inputs.DecryptionProfileSslProtocolSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DecryptionProfile("example", DecryptionProfileArgs.builder()
.location(DecryptionProfileLocationArgs.builder()
.shared(DecryptionProfileLocationSharedArgs.builder()
.build())
.build())
.name("my-decryption-profile")
.sslForwardProxy(DecryptionProfileSslForwardProxyArgs.builder()
.blockExpiredCertificate(true)
.blockUntrustedIssuer(true)
.blockUnknownCert(true)
.blockUnsupportedVersion(true)
.blockUnsupportedCipher(true)
.restrictCertExts(true)
.build())
.sslProtocolSettings(DecryptionProfileSslProtocolSettingsArgs.builder()
.minVersion("tls1-2")
.maxVersion("max")
.keyxchgAlgoRsa(true)
.keyxchgAlgoEcdhe(true)
.encAlgoAes128Gcm(true)
.encAlgoAes256Gcm(true)
.authAlgoSha256(true)
.authAlgoSha384(true)
.build())
.build());
}
}
resources:
example:
type: panos:DecryptionProfile
properties:
location:
shared: {}
name: my-decryption-profile
sslForwardProxy:
blockExpiredCertificate: true
blockUntrustedIssuer: true
blockUnknownCert: true
blockUnsupportedVersion: true
blockUnsupportedCipher: true
restrictCertExts: true
sslProtocolSettings:
minVersion: tls1-2
maxVersion: max
keyxchgAlgoRsa: true
keyxchgAlgoEcdhe: true
encAlgoAes128Gcm: true
encAlgoAes256Gcm: true
authAlgoSha256: true
authAlgoSha384: true
Example coming soon!
Create DecryptionProfile Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DecryptionProfile(name: string, args: DecryptionProfileArgs, opts?: CustomResourceOptions);@overload
def DecryptionProfile(resource_name: str,
args: DecryptionProfileArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DecryptionProfile(resource_name: str,
opts: Optional[ResourceOptions] = None,
location: Optional[DecryptionProfileLocationArgs] = None,
disable_override: Optional[str] = None,
forwarded_only: Optional[bool] = None,
interface: Optional[str] = None,
name: Optional[str] = None,
ssh_proxy: Optional[DecryptionProfileSshProxyArgs] = None,
ssl_forward_proxy: Optional[DecryptionProfileSslForwardProxyArgs] = None,
ssl_inbound_proxy: Optional[DecryptionProfileSslInboundProxyArgs] = None,
ssl_no_proxy: Optional[DecryptionProfileSslNoProxyArgs] = None,
ssl_protocol_settings: Optional[DecryptionProfileSslProtocolSettingsArgs] = None)func NewDecryptionProfile(ctx *Context, name string, args DecryptionProfileArgs, opts ...ResourceOption) (*DecryptionProfile, error)public DecryptionProfile(string name, DecryptionProfileArgs args, CustomResourceOptions? opts = null)
public DecryptionProfile(String name, DecryptionProfileArgs args)
public DecryptionProfile(String name, DecryptionProfileArgs args, CustomResourceOptions options)
type: panos:DecryptionProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "panos_decryptionprofile" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args DecryptionProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DecryptionProfileArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DecryptionProfileArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DecryptionProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DecryptionProfileArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var decryptionProfileResource = new Panos.DecryptionProfile("decryptionProfileResource", new()
{
Location = new Panos.Inputs.DecryptionProfileLocationArgs
{
DeviceGroup = new Panos.Inputs.DecryptionProfileLocationDeviceGroupArgs
{
Name = "string",
PanoramaDevice = "string",
},
Shared = null,
Vsys = new Panos.Inputs.DecryptionProfileLocationVsysArgs
{
Name = "string",
NgfwDevice = "string",
},
},
DisableOverride = "string",
ForwardedOnly = false,
Interface = "string",
Name = "string",
SshProxy = new Panos.Inputs.DecryptionProfileSshProxyArgs
{
BlockIfNoResource = false,
BlockSshErrors = false,
BlockUnsupportedAlg = false,
BlockUnsupportedVersion = false,
},
SslForwardProxy = new Panos.Inputs.DecryptionProfileSslForwardProxyArgs
{
AutoIncludeAltname = false,
BlockClientCert = false,
BlockExpiredCertificate = false,
BlockIfHsmUnavailable = false,
BlockIfNoResource = false,
BlockIfSniMismatch = false,
BlockTimeoutCert = false,
BlockTls13DowngradeNoResource = false,
BlockUnknownCert = false,
BlockUnsupportedCipher = false,
BlockUnsupportedVersion = false,
BlockUntrustedIssuer = false,
RestrictCertExts = false,
StripAlpn = false,
},
SslInboundProxy = new Panos.Inputs.DecryptionProfileSslInboundProxyArgs
{
BlockIfHsmUnavailable = false,
BlockIfNoResource = false,
BlockTls13DowngradeNoResource = false,
BlockUnsupportedCipher = false,
BlockUnsupportedVersion = false,
},
SslNoProxy = new Panos.Inputs.DecryptionProfileSslNoProxyArgs
{
BlockExpiredCertificate = false,
BlockUntrustedIssuer = false,
},
SslProtocolSettings = new Panos.Inputs.DecryptionProfileSslProtocolSettingsArgs
{
AuthAlgoMd5 = false,
AuthAlgoSha1 = false,
AuthAlgoSha256 = false,
AuthAlgoSha384 = false,
EncAlgo3des = false,
EncAlgoAes128Cbc = false,
EncAlgoAes128Gcm = false,
EncAlgoAes256Cbc = false,
EncAlgoAes256Gcm = false,
EncAlgoChacha20Poly1305 = false,
EncAlgoRc4 = false,
KeyxchgAlgoDhe = false,
KeyxchgAlgoEcdhe = false,
KeyxchgAlgoRsa = false,
MaxVersion = "string",
MinVersion = "string",
},
});
example, err := panos.NewDecryptionProfile(ctx, "decryptionProfileResource", &panos.DecryptionProfileArgs{
Location: &panos.DecryptionProfileLocationArgs{
DeviceGroup: &panos.DecryptionProfileLocationDeviceGroupArgs{
Name: pulumi.String("string"),
PanoramaDevice: pulumi.String("string"),
},
Shared: &panos.DecryptionProfileLocationSharedArgs{},
Vsys: &panos.DecryptionProfileLocationVsysArgs{
Name: pulumi.String("string"),
NgfwDevice: pulumi.String("string"),
},
},
DisableOverride: pulumi.String("string"),
ForwardedOnly: pulumi.Bool(false),
Interface: pulumi.String("string"),
Name: pulumi.String("string"),
SshProxy: &panos.DecryptionProfileSshProxyArgs{
BlockIfNoResource: pulumi.Bool(false),
BlockSshErrors: pulumi.Bool(false),
BlockUnsupportedAlg: pulumi.Bool(false),
BlockUnsupportedVersion: pulumi.Bool(false),
},
SslForwardProxy: &panos.DecryptionProfileSslForwardProxyArgs{
AutoIncludeAltname: pulumi.Bool(false),
BlockClientCert: pulumi.Bool(false),
BlockExpiredCertificate: pulumi.Bool(false),
BlockIfHsmUnavailable: pulumi.Bool(false),
BlockIfNoResource: pulumi.Bool(false),
BlockIfSniMismatch: pulumi.Bool(false),
BlockTimeoutCert: pulumi.Bool(false),
BlockTls13DowngradeNoResource: pulumi.Bool(false),
BlockUnknownCert: pulumi.Bool(false),
BlockUnsupportedCipher: pulumi.Bool(false),
BlockUnsupportedVersion: pulumi.Bool(false),
BlockUntrustedIssuer: pulumi.Bool(false),
RestrictCertExts: pulumi.Bool(false),
StripAlpn: pulumi.Bool(false),
},
SslInboundProxy: &panos.DecryptionProfileSslInboundProxyArgs{
BlockIfHsmUnavailable: pulumi.Bool(false),
BlockIfNoResource: pulumi.Bool(false),
BlockTls13DowngradeNoResource: pulumi.Bool(false),
BlockUnsupportedCipher: pulumi.Bool(false),
BlockUnsupportedVersion: pulumi.Bool(false),
},
SslNoProxy: &panos.DecryptionProfileSslNoProxyArgs{
BlockExpiredCertificate: pulumi.Bool(false),
BlockUntrustedIssuer: pulumi.Bool(false),
},
SslProtocolSettings: &panos.DecryptionProfileSslProtocolSettingsArgs{
AuthAlgoMd5: pulumi.Bool(false),
AuthAlgoSha1: pulumi.Bool(false),
AuthAlgoSha256: pulumi.Bool(false),
AuthAlgoSha384: pulumi.Bool(false),
EncAlgo3des: pulumi.Bool(false),
EncAlgoAes128Cbc: pulumi.Bool(false),
EncAlgoAes128Gcm: pulumi.Bool(false),
EncAlgoAes256Cbc: pulumi.Bool(false),
EncAlgoAes256Gcm: pulumi.Bool(false),
EncAlgoChacha20Poly1305: pulumi.Bool(false),
EncAlgoRc4: pulumi.Bool(false),
KeyxchgAlgoDhe: pulumi.Bool(false),
KeyxchgAlgoEcdhe: pulumi.Bool(false),
KeyxchgAlgoRsa: pulumi.Bool(false),
MaxVersion: pulumi.String("string"),
MinVersion: pulumi.String("string"),
},
})
resource "panos_decryptionprofile" "decryptionProfileResource" {
location = {
device_group = {
name = "string"
panorama_device = "string"
}
shared = {}
vsys = {
name = "string"
ngfw_device = "string"
}
}
disable_override = "string"
forwarded_only = false
interface = "string"
name = "string"
ssh_proxy = {
block_if_no_resource = false
block_ssh_errors = false
block_unsupported_alg = false
block_unsupported_version = false
}
ssl_forward_proxy = {
auto_include_altname = false
block_client_cert = false
block_expired_certificate = false
block_if_hsm_unavailable = false
block_if_no_resource = false
block_if_sni_mismatch = false
block_timeout_cert = false
block_tls13_downgrade_no_resource = false
block_unknown_cert = false
block_unsupported_cipher = false
block_unsupported_version = false
block_untrusted_issuer = false
restrict_cert_exts = false
strip_alpn = false
}
ssl_inbound_proxy = {
block_if_hsm_unavailable = false
block_if_no_resource = false
block_tls13_downgrade_no_resource = false
block_unsupported_cipher = false
block_unsupported_version = false
}
ssl_no_proxy = {
block_expired_certificate = false
block_untrusted_issuer = false
}
ssl_protocol_settings = {
auth_algo_md5 = false
auth_algo_sha1 = false
auth_algo_sha256 = false
auth_algo_sha384 = false
enc_algo3des = false
enc_algo_aes128_cbc = false
enc_algo_aes128_gcm = false
enc_algo_aes256_cbc = false
enc_algo_aes256_gcm = false
enc_algo_chacha20_poly1305 = false
enc_algo_rc4 = false
keyxchg_algo_dhe = false
keyxchg_algo_ecdhe = false
keyxchg_algo_rsa = false
max_version = "string"
min_version = "string"
}
}
var decryptionProfileResource = new DecryptionProfile("decryptionProfileResource", DecryptionProfileArgs.builder()
.location(DecryptionProfileLocationArgs.builder()
.deviceGroup(DecryptionProfileLocationDeviceGroupArgs.builder()
.name("string")
.panoramaDevice("string")
.build())
.shared(DecryptionProfileLocationSharedArgs.builder()
.build())
.vsys(DecryptionProfileLocationVsysArgs.builder()
.name("string")
.ngfwDevice("string")
.build())
.build())
.disableOverride("string")
.forwardedOnly(false)
.interface_("string")
.name("string")
.sshProxy(DecryptionProfileSshProxyArgs.builder()
.blockIfNoResource(false)
.blockSshErrors(false)
.blockUnsupportedAlg(false)
.blockUnsupportedVersion(false)
.build())
.sslForwardProxy(DecryptionProfileSslForwardProxyArgs.builder()
.autoIncludeAltname(false)
.blockClientCert(false)
.blockExpiredCertificate(false)
.blockIfHsmUnavailable(false)
.blockIfNoResource(false)
.blockIfSniMismatch(false)
.blockTimeoutCert(false)
.blockTls13DowngradeNoResource(false)
.blockUnknownCert(false)
.blockUnsupportedCipher(false)
.blockUnsupportedVersion(false)
.blockUntrustedIssuer(false)
.restrictCertExts(false)
.stripAlpn(false)
.build())
.sslInboundProxy(DecryptionProfileSslInboundProxyArgs.builder()
.blockIfHsmUnavailable(false)
.blockIfNoResource(false)
.blockTls13DowngradeNoResource(false)
.blockUnsupportedCipher(false)
.blockUnsupportedVersion(false)
.build())
.sslNoProxy(DecryptionProfileSslNoProxyArgs.builder()
.blockExpiredCertificate(false)
.blockUntrustedIssuer(false)
.build())
.sslProtocolSettings(DecryptionProfileSslProtocolSettingsArgs.builder()
.authAlgoMd5(false)
.authAlgoSha1(false)
.authAlgoSha256(false)
.authAlgoSha384(false)
.encAlgo3des(false)
.encAlgoAes128Cbc(false)
.encAlgoAes128Gcm(false)
.encAlgoAes256Cbc(false)
.encAlgoAes256Gcm(false)
.encAlgoChacha20Poly1305(false)
.encAlgoRc4(false)
.keyxchgAlgoDhe(false)
.keyxchgAlgoEcdhe(false)
.keyxchgAlgoRsa(false)
.maxVersion("string")
.minVersion("string")
.build())
.build());
decryption_profile_resource = panos.DecryptionProfile("decryptionProfileResource",
location={
"device_group": {
"name": "string",
"panorama_device": "string",
},
"shared": {},
"vsys": {
"name": "string",
"ngfw_device": "string",
},
},
disable_override="string",
forwarded_only=False,
interface="string",
name="string",
ssh_proxy={
"block_if_no_resource": False,
"block_ssh_errors": False,
"block_unsupported_alg": False,
"block_unsupported_version": False,
},
ssl_forward_proxy={
"auto_include_altname": False,
"block_client_cert": False,
"block_expired_certificate": False,
"block_if_hsm_unavailable": False,
"block_if_no_resource": False,
"block_if_sni_mismatch": False,
"block_timeout_cert": False,
"block_tls13_downgrade_no_resource": False,
"block_unknown_cert": False,
"block_unsupported_cipher": False,
"block_unsupported_version": False,
"block_untrusted_issuer": False,
"restrict_cert_exts": False,
"strip_alpn": False,
},
ssl_inbound_proxy={
"block_if_hsm_unavailable": False,
"block_if_no_resource": False,
"block_tls13_downgrade_no_resource": False,
"block_unsupported_cipher": False,
"block_unsupported_version": False,
},
ssl_no_proxy={
"block_expired_certificate": False,
"block_untrusted_issuer": False,
},
ssl_protocol_settings={
"auth_algo_md5": False,
"auth_algo_sha1": False,
"auth_algo_sha256": False,
"auth_algo_sha384": False,
"enc_algo3des": False,
"enc_algo_aes128_cbc": False,
"enc_algo_aes128_gcm": False,
"enc_algo_aes256_cbc": False,
"enc_algo_aes256_gcm": False,
"enc_algo_chacha20_poly1305": False,
"enc_algo_rc4": False,
"keyxchg_algo_dhe": False,
"keyxchg_algo_ecdhe": False,
"keyxchg_algo_rsa": False,
"max_version": "string",
"min_version": "string",
})
const decryptionProfileResource = new panos.DecryptionProfile("decryptionProfileResource", {
location: {
deviceGroup: {
name: "string",
panoramaDevice: "string",
},
shared: {},
vsys: {
name: "string",
ngfwDevice: "string",
},
},
disableOverride: "string",
forwardedOnly: false,
"interface": "string",
name: "string",
sshProxy: {
blockIfNoResource: false,
blockSshErrors: false,
blockUnsupportedAlg: false,
blockUnsupportedVersion: false,
},
sslForwardProxy: {
autoIncludeAltname: false,
blockClientCert: false,
blockExpiredCertificate: false,
blockIfHsmUnavailable: false,
blockIfNoResource: false,
blockIfSniMismatch: false,
blockTimeoutCert: false,
blockTls13DowngradeNoResource: false,
blockUnknownCert: false,
blockUnsupportedCipher: false,
blockUnsupportedVersion: false,
blockUntrustedIssuer: false,
restrictCertExts: false,
stripAlpn: false,
},
sslInboundProxy: {
blockIfHsmUnavailable: false,
blockIfNoResource: false,
blockTls13DowngradeNoResource: false,
blockUnsupportedCipher: false,
blockUnsupportedVersion: false,
},
sslNoProxy: {
blockExpiredCertificate: false,
blockUntrustedIssuer: false,
},
sslProtocolSettings: {
authAlgoMd5: false,
authAlgoSha1: false,
authAlgoSha256: false,
authAlgoSha384: false,
encAlgo3des: false,
encAlgoAes128Cbc: false,
encAlgoAes128Gcm: false,
encAlgoAes256Cbc: false,
encAlgoAes256Gcm: false,
encAlgoChacha20Poly1305: false,
encAlgoRc4: false,
keyxchgAlgoDhe: false,
keyxchgAlgoEcdhe: false,
keyxchgAlgoRsa: false,
maxVersion: "string",
minVersion: "string",
},
});
type: panos:DecryptionProfile
properties:
disableOverride: string
forwardedOnly: false
interface: string
location:
deviceGroup:
name: string
panoramaDevice: string
shared: {}
vsys:
name: string
ngfwDevice: string
name: string
sshProxy:
blockIfNoResource: false
blockSshErrors: false
blockUnsupportedAlg: false
blockUnsupportedVersion: false
sslForwardProxy:
autoIncludeAltname: false
blockClientCert: false
blockExpiredCertificate: false
blockIfHsmUnavailable: false
blockIfNoResource: false
blockIfSniMismatch: false
blockTimeoutCert: false
blockTls13DowngradeNoResource: false
blockUnknownCert: false
blockUnsupportedCipher: false
blockUnsupportedVersion: false
blockUntrustedIssuer: false
restrictCertExts: false
stripAlpn: false
sslInboundProxy:
blockIfHsmUnavailable: false
blockIfNoResource: false
blockTls13DowngradeNoResource: false
blockUnsupportedCipher: false
blockUnsupportedVersion: false
sslNoProxy:
blockExpiredCertificate: false
blockUntrustedIssuer: false
sslProtocolSettings:
authAlgoMd5: false
authAlgoSha1: false
authAlgoSha256: false
authAlgoSha384: false
encAlgo3des: false
encAlgoAes128Cbc: false
encAlgoAes128Gcm: false
encAlgoAes256Cbc: false
encAlgoAes256Gcm: false
encAlgoChacha20Poly1305: false
encAlgoRc4: false
keyxchgAlgoDhe: false
keyxchgAlgoEcdhe: false
keyxchgAlgoRsa: false
maxVersion: string
minVersion: string
DecryptionProfile Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DecryptionProfile resource accepts the following input properties:
- Location
Decryption
Profile Location - The location of this object.
- Disable
Override string - disable object override in child device groups
- Forwarded
Only bool - mirror after security policy allow
- Interface string
- decrypt mirror port
- Name string
- Ssh
Proxy DecryptionProfile Ssh Proxy - Ssl
Forward DecryptionProxy Profile Ssl Forward Proxy - Ssl
Inbound DecryptionProxy Profile Ssl Inbound Proxy - Ssl
No DecryptionProxy Profile Ssl No Proxy - Ssl
Protocol DecryptionSettings Profile Ssl Protocol Settings
- Location
Decryption
Profile Location Args - The location of this object.
- Disable
Override string - disable object override in child device groups
- Forwarded
Only bool - mirror after security policy allow
- Interface string
- decrypt mirror port
- Name string
- Ssh
Proxy DecryptionProfile Ssh Proxy Args - Ssl
Forward DecryptionProxy Profile Ssl Forward Proxy Args - Ssl
Inbound DecryptionProxy Profile Ssl Inbound Proxy Args - Ssl
No DecryptionProxy Profile Ssl No Proxy Args - Ssl
Protocol DecryptionSettings Profile Ssl Protocol Settings Args
- location object
- The location of this object.
- disable_
override string - disable object override in child device groups
- forwarded_
only bool - mirror after security policy allow
- interface string
- decrypt mirror port
- name string
- ssh_
proxy object - ssl_
forward_ objectproxy - ssl_
inbound_ objectproxy - ssl_
no_ objectproxy - ssl_
protocol_ objectsettings
- location
Decryption
Profile Location - The location of this object.
- disable
Override String - disable object override in child device groups
- forwarded
Only Boolean - mirror after security policy allow
- interface_ String
- decrypt mirror port
- name String
- ssh
Proxy DecryptionProfile Ssh Proxy - ssl
Forward DecryptionProxy Profile Ssl Forward Proxy - ssl
Inbound DecryptionProxy Profile Ssl Inbound Proxy - ssl
No DecryptionProxy Profile Ssl No Proxy - ssl
Protocol DecryptionSettings Profile Ssl Protocol Settings
- location
Decryption
Profile Location - The location of this object.
- disable
Override string - disable object override in child device groups
- forwarded
Only boolean - mirror after security policy allow
- interface string
- decrypt mirror port
- name string
- ssh
Proxy DecryptionProfile Ssh Proxy - ssl
Forward DecryptionProxy Profile Ssl Forward Proxy - ssl
Inbound DecryptionProxy Profile Ssl Inbound Proxy - ssl
No DecryptionProxy Profile Ssl No Proxy - ssl
Protocol DecryptionSettings Profile Ssl Protocol Settings
- location
Decryption
Profile Location Args - The location of this object.
- disable_
override str - disable object override in child device groups
- forwarded_
only bool - mirror after security policy allow
- interface str
- decrypt mirror port
- name str
- ssh_
proxy DecryptionProfile Ssh Proxy Args - ssl_
forward_ Decryptionproxy Profile Ssl Forward Proxy Args - ssl_
inbound_ Decryptionproxy Profile Ssl Inbound Proxy Args - ssl_
no_ Decryptionproxy Profile Ssl No Proxy Args - ssl_
protocol_ Decryptionsettings Profile Ssl Protocol Settings Args
- location Property Map
- The location of this object.
- disable
Override String - disable object override in child device groups
- forwarded
Only Boolean - mirror after security policy allow
- interface String
- decrypt mirror port
- name String
- ssh
Proxy Property Map - ssl
Forward Property MapProxy - ssl
Inbound Property MapProxy - ssl
No Property MapProxy - ssl
Protocol Property MapSettings
Outputs
All input properties are implicitly available as output properties. Additionally, the DecryptionProfile resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing DecryptionProfile Resource
Get an existing DecryptionProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DecryptionProfileState, opts?: CustomResourceOptions): DecryptionProfile@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
disable_override: Optional[str] = None,
forwarded_only: Optional[bool] = None,
interface: Optional[str] = None,
location: Optional[DecryptionProfileLocationArgs] = None,
name: Optional[str] = None,
ssh_proxy: Optional[DecryptionProfileSshProxyArgs] = None,
ssl_forward_proxy: Optional[DecryptionProfileSslForwardProxyArgs] = None,
ssl_inbound_proxy: Optional[DecryptionProfileSslInboundProxyArgs] = None,
ssl_no_proxy: Optional[DecryptionProfileSslNoProxyArgs] = None,
ssl_protocol_settings: Optional[DecryptionProfileSslProtocolSettingsArgs] = None) -> DecryptionProfilefunc GetDecryptionProfile(ctx *Context, name string, id IDInput, state *DecryptionProfileState, opts ...ResourceOption) (*DecryptionProfile, error)public static DecryptionProfile Get(string name, Input<string> id, DecryptionProfileState? state, CustomResourceOptions? opts = null)public static DecryptionProfile get(String name, Output<String> id, DecryptionProfileState state, CustomResourceOptions options)resources: _: type: panos:DecryptionProfile get: id: ${id}import {
to = panos_decryptionprofile.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Disable
Override string - disable object override in child device groups
- Forwarded
Only bool - mirror after security policy allow
- Interface string
- decrypt mirror port
- Location
Decryption
Profile Location - The location of this object.
- Name string
- Ssh
Proxy DecryptionProfile Ssh Proxy - Ssl
Forward DecryptionProxy Profile Ssl Forward Proxy - Ssl
Inbound DecryptionProxy Profile Ssl Inbound Proxy - Ssl
No DecryptionProxy Profile Ssl No Proxy - Ssl
Protocol DecryptionSettings Profile Ssl Protocol Settings
- Disable
Override string - disable object override in child device groups
- Forwarded
Only bool - mirror after security policy allow
- Interface string
- decrypt mirror port
- Location
Decryption
Profile Location Args - The location of this object.
- Name string
- Ssh
Proxy DecryptionProfile Ssh Proxy Args - Ssl
Forward DecryptionProxy Profile Ssl Forward Proxy Args - Ssl
Inbound DecryptionProxy Profile Ssl Inbound Proxy Args - Ssl
No DecryptionProxy Profile Ssl No Proxy Args - Ssl
Protocol DecryptionSettings Profile Ssl Protocol Settings Args
- disable_
override string - disable object override in child device groups
- forwarded_
only bool - mirror after security policy allow
- interface string
- decrypt mirror port
- location object
- The location of this object.
- name string
- ssh_
proxy object - ssl_
forward_ objectproxy - ssl_
inbound_ objectproxy - ssl_
no_ objectproxy - ssl_
protocol_ objectsettings
- disable
Override String - disable object override in child device groups
- forwarded
Only Boolean - mirror after security policy allow
- interface_ String
- decrypt mirror port
- location
Decryption
Profile Location - The location of this object.
- name String
- ssh
Proxy DecryptionProfile Ssh Proxy - ssl
Forward DecryptionProxy Profile Ssl Forward Proxy - ssl
Inbound DecryptionProxy Profile Ssl Inbound Proxy - ssl
No DecryptionProxy Profile Ssl No Proxy - ssl
Protocol DecryptionSettings Profile Ssl Protocol Settings
- disable
Override string - disable object override in child device groups
- forwarded
Only boolean - mirror after security policy allow
- interface string
- decrypt mirror port
- location
Decryption
Profile Location - The location of this object.
- name string
- ssh
Proxy DecryptionProfile Ssh Proxy - ssl
Forward DecryptionProxy Profile Ssl Forward Proxy - ssl
Inbound DecryptionProxy Profile Ssl Inbound Proxy - ssl
No DecryptionProxy Profile Ssl No Proxy - ssl
Protocol DecryptionSettings Profile Ssl Protocol Settings
- disable_
override str - disable object override in child device groups
- forwarded_
only bool - mirror after security policy allow
- interface str
- decrypt mirror port
- location
Decryption
Profile Location Args - The location of this object.
- name str
- ssh_
proxy DecryptionProfile Ssh Proxy Args - ssl_
forward_ Decryptionproxy Profile Ssl Forward Proxy Args - ssl_
inbound_ Decryptionproxy Profile Ssl Inbound Proxy Args - ssl_
no_ Decryptionproxy Profile Ssl No Proxy Args - ssl_
protocol_ Decryptionsettings Profile Ssl Protocol Settings Args
- disable
Override String - disable object override in child device groups
- forwarded
Only Boolean - mirror after security policy allow
- interface String
- decrypt mirror port
- location Property Map
- The location of this object.
- name String
- ssh
Proxy Property Map - ssl
Forward Property MapProxy - ssl
Inbound Property MapProxy - ssl
No Property MapProxy - ssl
Protocol Property MapSettings
Supporting Types
DecryptionProfileLocation, DecryptionProfileLocationArgs
- Device
Group DecryptionProfile Location Device Group - Located in a specific Device Group
-
Decryption
Profile Location Shared - Panorama shared object
- Vsys
Decryption
Profile Location Vsys - Located in a specific Virtual System
- Device
Group DecryptionProfile Location Device Group - Located in a specific Device Group
-
Decryption
Profile Location Shared - Panorama shared object
- Vsys
Decryption
Profile Location Vsys - Located in a specific Virtual System
- device_
group object - Located in a specific Device Group
- object
- Panorama shared object
- vsys object
- Located in a specific Virtual System
- device
Group DecryptionProfile Location Device Group - Located in a specific Device Group
-
Decryption
Profile Location Shared - Panorama shared object
- vsys
Decryption
Profile Location Vsys - Located in a specific Virtual System
- device
Group DecryptionProfile Location Device Group - Located in a specific Device Group
-
Decryption
Profile Location Shared - Panorama shared object
- vsys
Decryption
Profile Location Vsys - Located in a specific Virtual System
- device_
group DecryptionProfile Location Device Group - Located in a specific Device Group
-
Decryption
Profile Location Shared - Panorama shared object
- vsys
Decryption
Profile Location Vsys - Located in a specific Virtual System
- device
Group Property Map - Located in a specific Device Group
- Property Map
- Panorama shared object
- vsys Property Map
- Located in a specific Virtual System
DecryptionProfileLocationDeviceGroup, DecryptionProfileLocationDeviceGroupArgs
- Name string
- Device Group name
- Panorama
Device string - Panorama device name
- Name string
- Device Group name
- Panorama
Device string - Panorama device name
- name string
- Device Group name
- panorama_
device string - Panorama device name
- name String
- Device Group name
- panorama
Device String - Panorama device name
- name string
- Device Group name
- panorama
Device string - Panorama device name
- name str
- Device Group name
- panorama_
device str - Panorama device name
- name String
- Device Group name
- panorama
Device String - Panorama device name
DecryptionProfileLocationVsys, DecryptionProfileLocationVsysArgs
- Name string
- The Virtual System name
- Ngfw
Device string - The NGFW device name
- Name string
- The Virtual System name
- Ngfw
Device string - The NGFW device name
- name string
- The Virtual System name
- ngfw_
device string - The NGFW device name
- name String
- The Virtual System name
- ngfw
Device String - The NGFW device name
- name string
- The Virtual System name
- ngfw
Device string - The NGFW device name
- name str
- The Virtual System name
- ngfw_
device str - The NGFW device name
- name String
- The Virtual System name
- ngfw
Device String - The NGFW device name
DecryptionProfileSshProxy, DecryptionProfileSshProxyArgs
- Block
If boolNo Resource - whether to block sessions if device has no enough resources
- Block
Ssh boolErrors - whether to block sessions if ssh errors are encountered
- Block
Unsupported boolAlg - whether to block sessions if ssh algorithm is not supported
- Block
Unsupported boolVersion - whether to block sessions if ssh version is not supported
- Block
If boolNo Resource - whether to block sessions if device has no enough resources
- Block
Ssh boolErrors - whether to block sessions if ssh errors are encountered
- Block
Unsupported boolAlg - whether to block sessions if ssh algorithm is not supported
- Block
Unsupported boolVersion - whether to block sessions if ssh version is not supported
- block_
if_ boolno_ resource - whether to block sessions if device has no enough resources
- block_
ssh_ boolerrors - whether to block sessions if ssh errors are encountered
- block_
unsupported_ boolalg - whether to block sessions if ssh algorithm is not supported
- block_
unsupported_ boolversion - whether to block sessions if ssh version is not supported
- block
If BooleanNo Resource - whether to block sessions if device has no enough resources
- block
Ssh BooleanErrors - whether to block sessions if ssh errors are encountered
- block
Unsupported BooleanAlg - whether to block sessions if ssh algorithm is not supported
- block
Unsupported BooleanVersion - whether to block sessions if ssh version is not supported
- block
If booleanNo Resource - whether to block sessions if device has no enough resources
- block
Ssh booleanErrors - whether to block sessions if ssh errors are encountered
- block
Unsupported booleanAlg - whether to block sessions if ssh algorithm is not supported
- block
Unsupported booleanVersion - whether to block sessions if ssh version is not supported
- block_
if_ boolno_ resource - whether to block sessions if device has no enough resources
- block_
ssh_ boolerrors - whether to block sessions if ssh errors are encountered
- block_
unsupported_ boolalg - whether to block sessions if ssh algorithm is not supported
- block_
unsupported_ boolversion - whether to block sessions if ssh version is not supported
- block
If BooleanNo Resource - whether to block sessions if device has no enough resources
- block
Ssh BooleanErrors - whether to block sessions if ssh errors are encountered
- block
Unsupported BooleanAlg - whether to block sessions if ssh algorithm is not supported
- block
Unsupported BooleanVersion - whether to block sessions if ssh version is not supported
DecryptionProfileSslForwardProxy, DecryptionProfileSslForwardProxyArgs
- Auto
Include boolAltname - whether to automatically append SAN to impersonating certificate if server certificate is missing SAN
- Block
Client boolCert - Block sessions with client certificate
- Block
Expired boolCertificate - Block sessions with expired certificates
- bool
- whether to block sessions if HSM is unavailable
- Block
If boolNo Resource - whether to block sessions if device has no enough resources
- Block
If boolSni Mismatch - whether to block a session when certificate's subject name or SAN doesn't match SNI
- Block
Timeout boolCert - Block sessions if certificate status cannot be retrieved within timeout
- Block
Tls13Downgrade boolNo Resource - whether to downgrade from tls1.3 if device has not enough resources
- Block
Unknown boolCert - Block sessions if certificate status is unknown
- Block
Unsupported boolCipher - Block sessions with unsupported cipher suites
- Block
Unsupported boolVersion - Block sessions with unsupported protocol versions
- Block
Untrusted boolIssuer - Block sessions with untrusted certificate issuers
- Restrict
Cert boolExts - Restrict certificate extensions
- Strip
Alpn bool - Strip ALPN extension from ClientHello
- Auto
Include boolAltname - whether to automatically append SAN to impersonating certificate if server certificate is missing SAN
- Block
Client boolCert - Block sessions with client certificate
- Block
Expired boolCertificate - Block sessions with expired certificates
- bool
- whether to block sessions if HSM is unavailable
- Block
If boolNo Resource - whether to block sessions if device has no enough resources
- Block
If boolSni Mismatch - whether to block a session when certificate's subject name or SAN doesn't match SNI
- Block
Timeout boolCert - Block sessions if certificate status cannot be retrieved within timeout
- Block
Tls13Downgrade boolNo Resource - whether to downgrade from tls1.3 if device has not enough resources
- Block
Unknown boolCert - Block sessions if certificate status is unknown
- Block
Unsupported boolCipher - Block sessions with unsupported cipher suites
- Block
Unsupported boolVersion - Block sessions with unsupported protocol versions
- Block
Untrusted boolIssuer - Block sessions with untrusted certificate issuers
- Restrict
Cert boolExts - Restrict certificate extensions
- Strip
Alpn bool - Strip ALPN extension from ClientHello
- auto_
include_ boolaltname - whether to automatically append SAN to impersonating certificate if server certificate is missing SAN
- block_
client_ boolcert - Block sessions with client certificate
- block_
expired_ boolcertificate - Block sessions with expired certificates
- bool
- whether to block sessions if HSM is unavailable
- block_
if_ boolno_ resource - whether to block sessions if device has no enough resources
- block_
if_ boolsni_ mismatch - whether to block a session when certificate's subject name or SAN doesn't match SNI
- block_
timeout_ boolcert - Block sessions if certificate status cannot be retrieved within timeout
- block_
tls13_ booldowngrade_ no_ resource - whether to downgrade from tls1.3 if device has not enough resources
- block_
unknown_ boolcert - Block sessions if certificate status is unknown
- block_
unsupported_ boolcipher - Block sessions with unsupported cipher suites
- block_
unsupported_ boolversion - Block sessions with unsupported protocol versions
- block_
untrusted_ boolissuer - Block sessions with untrusted certificate issuers
- restrict_
cert_ boolexts - Restrict certificate extensions
- strip_
alpn bool - Strip ALPN extension from ClientHello
- auto
Include BooleanAltname - whether to automatically append SAN to impersonating certificate if server certificate is missing SAN
- block
Client BooleanCert - Block sessions with client certificate
- block
Expired BooleanCertificate - Block sessions with expired certificates
- Boolean
- whether to block sessions if HSM is unavailable
- block
If BooleanNo Resource - whether to block sessions if device has no enough resources
- block
If BooleanSni Mismatch - whether to block a session when certificate's subject name or SAN doesn't match SNI
- block
Timeout BooleanCert - Block sessions if certificate status cannot be retrieved within timeout
- block
Tls13Downgrade BooleanNo Resource - whether to downgrade from tls1.3 if device has not enough resources
- block
Unknown BooleanCert - Block sessions if certificate status is unknown
- block
Unsupported BooleanCipher - Block sessions with unsupported cipher suites
- block
Unsupported BooleanVersion - Block sessions with unsupported protocol versions
- block
Untrusted BooleanIssuer - Block sessions with untrusted certificate issuers
- restrict
Cert BooleanExts - Restrict certificate extensions
- strip
Alpn Boolean - Strip ALPN extension from ClientHello
- auto
Include booleanAltname - whether to automatically append SAN to impersonating certificate if server certificate is missing SAN
- block
Client booleanCert - Block sessions with client certificate
- block
Expired booleanCertificate - Block sessions with expired certificates
- boolean
- whether to block sessions if HSM is unavailable
- block
If booleanNo Resource - whether to block sessions if device has no enough resources
- block
If booleanSni Mismatch - whether to block a session when certificate's subject name or SAN doesn't match SNI
- block
Timeout booleanCert - Block sessions if certificate status cannot be retrieved within timeout
- block
Tls13Downgrade booleanNo Resource - whether to downgrade from tls1.3 if device has not enough resources
- block
Unknown booleanCert - Block sessions if certificate status is unknown
- block
Unsupported booleanCipher - Block sessions with unsupported cipher suites
- block
Unsupported booleanVersion - Block sessions with unsupported protocol versions
- block
Untrusted booleanIssuer - Block sessions with untrusted certificate issuers
- restrict
Cert booleanExts - Restrict certificate extensions
- strip
Alpn boolean - Strip ALPN extension from ClientHello
- auto_
include_ boolaltname - whether to automatically append SAN to impersonating certificate if server certificate is missing SAN
- block_
client_ boolcert - Block sessions with client certificate
- block_
expired_ boolcertificate - Block sessions with expired certificates
- bool
- whether to block sessions if HSM is unavailable
- block_
if_ boolno_ resource - whether to block sessions if device has no enough resources
- block_
if_ boolsni_ mismatch - whether to block a session when certificate's subject name or SAN doesn't match SNI
- block_
timeout_ boolcert - Block sessions if certificate status cannot be retrieved within timeout
- block_
tls13_ booldowngrade_ no_ resource - whether to downgrade from tls1.3 if device has not enough resources
- block_
unknown_ boolcert - Block sessions if certificate status is unknown
- block_
unsupported_ boolcipher - Block sessions with unsupported cipher suites
- block_
unsupported_ boolversion - Block sessions with unsupported protocol versions
- block_
untrusted_ boolissuer - Block sessions with untrusted certificate issuers
- restrict_
cert_ boolexts - Restrict certificate extensions
- strip_
alpn bool - Strip ALPN extension from ClientHello
- auto
Include BooleanAltname - whether to automatically append SAN to impersonating certificate if server certificate is missing SAN
- block
Client BooleanCert - Block sessions with client certificate
- block
Expired BooleanCertificate - Block sessions with expired certificates
- Boolean
- whether to block sessions if HSM is unavailable
- block
If BooleanNo Resource - whether to block sessions if device has no enough resources
- block
If BooleanSni Mismatch - whether to block a session when certificate's subject name or SAN doesn't match SNI
- block
Timeout BooleanCert - Block sessions if certificate status cannot be retrieved within timeout
- block
Tls13Downgrade BooleanNo Resource - whether to downgrade from tls1.3 if device has not enough resources
- block
Unknown BooleanCert - Block sessions if certificate status is unknown
- block
Unsupported BooleanCipher - Block sessions with unsupported cipher suites
- block
Unsupported BooleanVersion - Block sessions with unsupported protocol versions
- block
Untrusted BooleanIssuer - Block sessions with untrusted certificate issuers
- restrict
Cert BooleanExts - Restrict certificate extensions
- strip
Alpn Boolean - Strip ALPN extension from ClientHello
DecryptionProfileSslInboundProxy, DecryptionProfileSslInboundProxyArgs
- bool
- Block sessions when HSM is unavailable
- Block
If boolNo Resource - Block sessions when decryption resources are not available
- Block
Tls13Downgrade boolNo Resource - Block TLS 1.3 downgrade when no resources are available
- Block
Unsupported boolCipher - Block sessions with unsupported cipher suites
- Block
Unsupported boolVersion - Block sessions with unsupported protocol versions
- bool
- Block sessions when HSM is unavailable
- Block
If boolNo Resource - Block sessions when decryption resources are not available
- Block
Tls13Downgrade boolNo Resource - Block TLS 1.3 downgrade when no resources are available
- Block
Unsupported boolCipher - Block sessions with unsupported cipher suites
- Block
Unsupported boolVersion - Block sessions with unsupported protocol versions
- bool
- Block sessions when HSM is unavailable
- block_
if_ boolno_ resource - Block sessions when decryption resources are not available
- block_
tls13_ booldowngrade_ no_ resource - Block TLS 1.3 downgrade when no resources are available
- block_
unsupported_ boolcipher - Block sessions with unsupported cipher suites
- block_
unsupported_ boolversion - Block sessions with unsupported protocol versions
- Boolean
- Block sessions when HSM is unavailable
- block
If BooleanNo Resource - Block sessions when decryption resources are not available
- block
Tls13Downgrade BooleanNo Resource - Block TLS 1.3 downgrade when no resources are available
- block
Unsupported BooleanCipher - Block sessions with unsupported cipher suites
- block
Unsupported BooleanVersion - Block sessions with unsupported protocol versions
- boolean
- Block sessions when HSM is unavailable
- block
If booleanNo Resource - Block sessions when decryption resources are not available
- block
Tls13Downgrade booleanNo Resource - Block TLS 1.3 downgrade when no resources are available
- block
Unsupported booleanCipher - Block sessions with unsupported cipher suites
- block
Unsupported booleanVersion - Block sessions with unsupported protocol versions
- bool
- Block sessions when HSM is unavailable
- block_
if_ boolno_ resource - Block sessions when decryption resources are not available
- block_
tls13_ booldowngrade_ no_ resource - Block TLS 1.3 downgrade when no resources are available
- block_
unsupported_ boolcipher - Block sessions with unsupported cipher suites
- block_
unsupported_ boolversion - Block sessions with unsupported protocol versions
- Boolean
- Block sessions when HSM is unavailable
- block
If BooleanNo Resource - Block sessions when decryption resources are not available
- block
Tls13Downgrade BooleanNo Resource - Block TLS 1.3 downgrade when no resources are available
- block
Unsupported BooleanCipher - Block sessions with unsupported cipher suites
- block
Unsupported BooleanVersion - Block sessions with unsupported protocol versions
DecryptionProfileSslNoProxy, DecryptionProfileSslNoProxyArgs
- Block
Expired boolCertificate - Block sessions with expired certificates
- Block
Untrusted boolIssuer - Block sessions with untrusted certificate issuers
- Block
Expired boolCertificate - Block sessions with expired certificates
- Block
Untrusted boolIssuer - Block sessions with untrusted certificate issuers
- block_
expired_ boolcertificate - Block sessions with expired certificates
- block_
untrusted_ boolissuer - Block sessions with untrusted certificate issuers
- block
Expired BooleanCertificate - Block sessions with expired certificates
- block
Untrusted BooleanIssuer - Block sessions with untrusted certificate issuers
- block
Expired booleanCertificate - Block sessions with expired certificates
- block
Untrusted booleanIssuer - Block sessions with untrusted certificate issuers
- block_
expired_ boolcertificate - Block sessions with expired certificates
- block_
untrusted_ boolissuer - Block sessions with untrusted certificate issuers
- block
Expired BooleanCertificate - Block sessions with expired certificates
- block
Untrusted BooleanIssuer - Block sessions with untrusted certificate issuers
DecryptionProfileSslProtocolSettings, DecryptionProfileSslProtocolSettingsArgs
- Auth
Algo boolMd5 - Allow MD5 authentication algorithm
- Auth
Algo boolSha1 - Allow SHA1 authentication algorithm
- Auth
Algo boolSha256 - Allow SHA256 authentication algorithm
- Auth
Algo boolSha384 - Allow SHA384 authentication algorithm
- Enc
Algo3des bool - Allow 3DES encryption algorithm
- Enc
Algo boolAes128Cbc - Allow AES-128-CBC encryption algorithm
- Enc
Algo boolAes128Gcm - Allow AES-128-GCM encryption algorithm
- Enc
Algo boolAes256Cbc - Allow AES-256-CBC encryption algorithm
- Enc
Algo boolAes256Gcm - Allow AES-256-GCM encryption algorithm
- Enc
Algo boolChacha20Poly1305 - Allow algorithm chacha20-poly1305
- Enc
Algo boolRc4 - Allow RC4 encryption algorithm
- Keyxchg
Algo boolDhe - Allow DHE key exchange algorithm
- Keyxchg
Algo boolEcdhe - Allow ECDHE key exchange algorithm
- Keyxchg
Algo boolRsa - Allow RSA key exchange algorithm
- Max
Version string - Maximum SSL/TLS protocol version
- Min
Version string - Minimum SSL/TLS protocol version
- Auth
Algo boolMd5 - Allow MD5 authentication algorithm
- Auth
Algo boolSha1 - Allow SHA1 authentication algorithm
- Auth
Algo boolSha256 - Allow SHA256 authentication algorithm
- Auth
Algo boolSha384 - Allow SHA384 authentication algorithm
- Enc
Algo3des bool - Allow 3DES encryption algorithm
- Enc
Algo boolAes128Cbc - Allow AES-128-CBC encryption algorithm
- Enc
Algo boolAes128Gcm - Allow AES-128-GCM encryption algorithm
- Enc
Algo boolAes256Cbc - Allow AES-256-CBC encryption algorithm
- Enc
Algo boolAes256Gcm - Allow AES-256-GCM encryption algorithm
- Enc
Algo boolChacha20Poly1305 - Allow algorithm chacha20-poly1305
- Enc
Algo boolRc4 - Allow RC4 encryption algorithm
- Keyxchg
Algo boolDhe - Allow DHE key exchange algorithm
- Keyxchg
Algo boolEcdhe - Allow ECDHE key exchange algorithm
- Keyxchg
Algo boolRsa - Allow RSA key exchange algorithm
- Max
Version string - Maximum SSL/TLS protocol version
- Min
Version string - Minimum SSL/TLS protocol version
- auth_
algo_ boolmd5 - Allow MD5 authentication algorithm
- auth_
algo_ boolsha1 - Allow SHA1 authentication algorithm
- auth_
algo_ boolsha256 - Allow SHA256 authentication algorithm
- auth_
algo_ boolsha384 - Allow SHA384 authentication algorithm
- enc_
algo3des bool - Allow 3DES encryption algorithm
- enc_
algo_ boolaes128_ cbc - Allow AES-128-CBC encryption algorithm
- enc_
algo_ boolaes128_ gcm - Allow AES-128-GCM encryption algorithm
- enc_
algo_ boolaes256_ cbc - Allow AES-256-CBC encryption algorithm
- enc_
algo_ boolaes256_ gcm - Allow AES-256-GCM encryption algorithm
- enc_
algo_ boolchacha20_ poly1305 - Allow algorithm chacha20-poly1305
- enc_
algo_ boolrc4 - Allow RC4 encryption algorithm
- keyxchg_
algo_ booldhe - Allow DHE key exchange algorithm
- keyxchg_
algo_ boolecdhe - Allow ECDHE key exchange algorithm
- keyxchg_
algo_ boolrsa - Allow RSA key exchange algorithm
- max_
version string - Maximum SSL/TLS protocol version
- min_
version string - Minimum SSL/TLS protocol version
- auth
Algo BooleanMd5 - Allow MD5 authentication algorithm
- auth
Algo BooleanSha1 - Allow SHA1 authentication algorithm
- auth
Algo BooleanSha256 - Allow SHA256 authentication algorithm
- auth
Algo BooleanSha384 - Allow SHA384 authentication algorithm
- enc
Algo3des Boolean - Allow 3DES encryption algorithm
- enc
Algo BooleanAes128Cbc - Allow AES-128-CBC encryption algorithm
- enc
Algo BooleanAes128Gcm - Allow AES-128-GCM encryption algorithm
- enc
Algo BooleanAes256Cbc - Allow AES-256-CBC encryption algorithm
- enc
Algo BooleanAes256Gcm - Allow AES-256-GCM encryption algorithm
- enc
Algo BooleanChacha20Poly1305 - Allow algorithm chacha20-poly1305
- enc
Algo BooleanRc4 - Allow RC4 encryption algorithm
- keyxchg
Algo BooleanDhe - Allow DHE key exchange algorithm
- keyxchg
Algo BooleanEcdhe - Allow ECDHE key exchange algorithm
- keyxchg
Algo BooleanRsa - Allow RSA key exchange algorithm
- max
Version String - Maximum SSL/TLS protocol version
- min
Version String - Minimum SSL/TLS protocol version
- auth
Algo booleanMd5 - Allow MD5 authentication algorithm
- auth
Algo booleanSha1 - Allow SHA1 authentication algorithm
- auth
Algo booleanSha256 - Allow SHA256 authentication algorithm
- auth
Algo booleanSha384 - Allow SHA384 authentication algorithm
- enc
Algo3des boolean - Allow 3DES encryption algorithm
- enc
Algo booleanAes128Cbc - Allow AES-128-CBC encryption algorithm
- enc
Algo booleanAes128Gcm - Allow AES-128-GCM encryption algorithm
- enc
Algo booleanAes256Cbc - Allow AES-256-CBC encryption algorithm
- enc
Algo booleanAes256Gcm - Allow AES-256-GCM encryption algorithm
- enc
Algo booleanChacha20Poly1305 - Allow algorithm chacha20-poly1305
- enc
Algo booleanRc4 - Allow RC4 encryption algorithm
- keyxchg
Algo booleanDhe - Allow DHE key exchange algorithm
- keyxchg
Algo booleanEcdhe - Allow ECDHE key exchange algorithm
- keyxchg
Algo booleanRsa - Allow RSA key exchange algorithm
- max
Version string - Maximum SSL/TLS protocol version
- min
Version string - Minimum SSL/TLS protocol version
- auth_
algo_ boolmd5 - Allow MD5 authentication algorithm
- auth_
algo_ boolsha1 - Allow SHA1 authentication algorithm
- auth_
algo_ boolsha256 - Allow SHA256 authentication algorithm
- auth_
algo_ boolsha384 - Allow SHA384 authentication algorithm
- enc_
algo3des bool - Allow 3DES encryption algorithm
- enc_
algo_ boolaes128_ cbc - Allow AES-128-CBC encryption algorithm
- enc_
algo_ boolaes128_ gcm - Allow AES-128-GCM encryption algorithm
- enc_
algo_ boolaes256_ cbc - Allow AES-256-CBC encryption algorithm
- enc_
algo_ boolaes256_ gcm - Allow AES-256-GCM encryption algorithm
- enc_
algo_ boolchacha20_ poly1305 - Allow algorithm chacha20-poly1305
- enc_
algo_ boolrc4 - Allow RC4 encryption algorithm
- keyxchg_
algo_ booldhe - Allow DHE key exchange algorithm
- keyxchg_
algo_ boolecdhe - Allow ECDHE key exchange algorithm
- keyxchg_
algo_ boolrsa - Allow RSA key exchange algorithm
- max_
version str - Maximum SSL/TLS protocol version
- min_
version str - Minimum SSL/TLS protocol version
- auth
Algo BooleanMd5 - Allow MD5 authentication algorithm
- auth
Algo BooleanSha1 - Allow SHA1 authentication algorithm
- auth
Algo BooleanSha256 - Allow SHA256 authentication algorithm
- auth
Algo BooleanSha384 - Allow SHA384 authentication algorithm
- enc
Algo3des Boolean - Allow 3DES encryption algorithm
- enc
Algo BooleanAes128Cbc - Allow AES-128-CBC encryption algorithm
- enc
Algo BooleanAes128Gcm - Allow AES-128-GCM encryption algorithm
- enc
Algo BooleanAes256Cbc - Allow AES-256-CBC encryption algorithm
- enc
Algo BooleanAes256Gcm - Allow AES-256-GCM encryption algorithm
- enc
Algo BooleanChacha20Poly1305 - Allow algorithm chacha20-poly1305
- enc
Algo BooleanRc4 - Allow RC4 encryption algorithm
- keyxchg
Algo BooleanDhe - Allow DHE key exchange algorithm
- keyxchg
Algo BooleanEcdhe - Allow ECDHE key exchange algorithm
- keyxchg
Algo BooleanRsa - Allow RSA key exchange algorithm
- max
Version String - Maximum SSL/TLS protocol version
- min
Version String - Minimum SSL/TLS protocol version
Package Details
- Repository
- panos paloaltonetworks/terraform-provider-panos
- License
- Notes
- This Pulumi package is based on the
panosTerraform Provider.
Viewing docs for panos 2.0.12
published on Wednesday, Jun 17, 2026 by paloaltonetworks
published on Wednesday, Jun 17, 2026 by paloaltonetworks