fortimanager 1.13.0, Mar 13 25

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

fortimanager.ObjectFirewallSslsshprofile

Explore with Pulumi AI

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
dot: fortimanager.ObjectFirewallSslsshprofileDot
ech_outer_sni: fortimanager.ObjectFirewallSslsshprofileEchoutersni
ftps: fortimanager.ObjectFirewallSslsshprofileFtps
https: fortimanager.ObjectFirewallSslsshprofileHttps
imaps: fortimanager.ObjectFirewallSslsshprofileImaps
pop3s: fortimanager.ObjectFirewallSslsshprofilePop3s
smtps: fortimanager.ObjectFirewallSslsshprofileSmtps
ssh: fortimanager.ObjectFirewallSslsshprofileSsh
ssl: fortimanager.ObjectFirewallSslsshprofileSsl
ssl_exempt: fortimanager.ObjectFirewallSslsshprofileSslexempt
ssl_server: fortimanager.ObjectFirewallSslsshprofileSslserver

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";

const trname = new fortimanager.ObjectFirewallSslsshprofile("trname", {
    comment: "terraform-comment1",
    mapiOverHttps: "disable",
    useSslServer: "disable",
    whitelist: "enable",
});

import pulumi
import pulumi_fortimanager as fortimanager

trname = fortimanager.ObjectFirewallSslsshprofile("trname",
    comment="terraform-comment1",
    mapi_over_https="disable",
    use_ssl_server="disable",
    whitelist="enable")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := fortimanager.NewObjectFirewallSslsshprofile(ctx, "trname", &fortimanager.ObjectFirewallSslsshprofileArgs{
			Comment:       pulumi.String("terraform-comment1"),
			MapiOverHttps: pulumi.String("disable"),
			UseSslServer:  pulumi.String("disable"),
			Whitelist:     pulumi.String("enable"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;

return await Deployment.RunAsync(() => 
{
    var trname = new Fortimanager.ObjectFirewallSslsshprofile("trname", new()
    {
        Comment = "terraform-comment1",
        MapiOverHttps = "disable",
        UseSslServer = "disable",
        Whitelist = "enable",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectFirewallSslsshprofile;
import com.pulumi.fortimanager.ObjectFirewallSslsshprofileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trname = new ObjectFirewallSslsshprofile("trname", ObjectFirewallSslsshprofileArgs.builder()
            .comment("terraform-comment1")
            .mapiOverHttps("disable")
            .useSslServer("disable")
            .whitelist("enable")
            .build());

    }
}

resources:
  trname:
    type: fortimanager:ObjectFirewallSslsshprofile
    properties:
      comment: terraform-comment1
      mapiOverHttps: disable
      useSslServer: disable
      whitelist: enable

Create ObjectFirewallSslsshprofile Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ObjectFirewallSslsshprofile(name: string, args?: ObjectFirewallSslsshprofileArgs, opts?: CustomResourceOptions);

@overload
def ObjectFirewallSslsshprofile(resource_name: str,
                                args: Optional[ObjectFirewallSslsshprofileArgs] = None,
                                opts: Optional[ResourceOptions] = None)

@overload
def ObjectFirewallSslsshprofile(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                adom: Optional[str] = None,
                                allowlist: Optional[str] = None,
                                block_blacklisted_certificates: Optional[str] = None,
                                block_blocklisted_certificates: Optional[str] = None,
                                caname: Optional[str] = None,
                                comment: Optional[str] = None,
                                dot: Optional[ObjectFirewallSslsshprofileDotArgs] = None,
                                dynamic_sort_subtable: Optional[str] = None,
                                ech_outer_snis: Optional[Sequence[ObjectFirewallSslsshprofileEchOuterSniArgs]] = None,
                                ftps: Optional[ObjectFirewallSslsshprofileFtpsArgs] = None,
                                https: Optional[ObjectFirewallSslsshprofileHttpsArgs] = None,
                                imaps: Optional[ObjectFirewallSslsshprofileImapsArgs] = None,
                                mapi_over_https: Optional[str] = None,
                                name: Optional[str] = None,
                                object_firewall_sslsshprofile_id: Optional[str] = None,
                                pop3s: Optional[ObjectFirewallSslsshprofilePop3sArgs] = None,
                                rpc_over_https: Optional[str] = None,
                                scopetype: Optional[str] = None,
                                server_cert: Optional[str] = None,
                                server_cert_mode: Optional[str] = None,
                                smtps: Optional[ObjectFirewallSslsshprofileSmtpsArgs] = None,
                                ssh: Optional[ObjectFirewallSslsshprofileSshArgs] = None,
                                ssl: Optional[ObjectFirewallSslsshprofileSslArgs] = None,
                                ssl_anomalies_log: Optional[str] = None,
                                ssl_anomaly_log: Optional[str] = None,
                                ssl_exemption_ip_rating: Optional[str] = None,
                                ssl_exemption_log: Optional[str] = None,
                                ssl_exemptions_log: Optional[str] = None,
                                ssl_exempts: Optional[Sequence[ObjectFirewallSslsshprofileSslExemptArgs]] = None,
                                ssl_handshake_log: Optional[str] = None,
                                ssl_negotiation_log: Optional[str] = None,
                                ssl_server_cert_log: Optional[str] = None,
                                ssl_servers: Optional[Sequence[ObjectFirewallSslsshprofileSslServerArgs]] = None,
                                supported_alpn: Optional[str] = None,
                                untrusted_caname: Optional[str] = None,
                                use_ssl_server: Optional[str] = None,
                                whitelist: Optional[str] = None)

func NewObjectFirewallSslsshprofile(ctx *Context, name string, args *ObjectFirewallSslsshprofileArgs, opts ...ResourceOption) (*ObjectFirewallSslsshprofile, error)

public ObjectFirewallSslsshprofile(string name, ObjectFirewallSslsshprofileArgs? args = null, CustomResourceOptions? opts = null)

public ObjectFirewallSslsshprofile(String name, ObjectFirewallSslsshprofileArgs args)
public ObjectFirewallSslsshprofile(String name, ObjectFirewallSslsshprofileArgs args, CustomResourceOptions options)

type: fortimanager:ObjectFirewallSslsshprofile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ObjectFirewallSslsshprofileArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ObjectFirewallSslsshprofileArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ObjectFirewallSslsshprofileArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ObjectFirewallSslsshprofileArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ObjectFirewallSslsshprofileArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var objectFirewallSslsshprofileResource = new Fortimanager.ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource", new()
{
    Adom = "string",
    Allowlist = "string",
    BlockBlacklistedCertificates = "string",
    BlockBlocklistedCertificates = "string",
    Caname = "string",
    Comment = "string",
    Dot = new Fortimanager.Inputs.ObjectFirewallSslsshprofileDotArgs
    {
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertificate = "string",
        ExpiredServerCert = "string",
        MinAllowedSslVersion = "string",
        ProxyAfterTcpHandshake = "string",
        Quic = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedServerCert = "string",
    },
    DynamicSortSubtable = "string",
    EchOuterSnis = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallSslsshprofileEchOuterSniArgs
        {
            Name = "string",
            Sni = "string",
        },
    },
    Ftps = new Fortimanager.Inputs.ObjectFirewallSslsshprofileFtpsArgs
    {
        AllowInvalidServerCert = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        ExpiredServerCert = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        Ports = new[]
        {
            0,
        },
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    Https = new Fortimanager.Inputs.ObjectFirewallSslsshprofileHttpsArgs
    {
        AllowInvalidServerCert = "string",
        CertProbeFailure = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        EncryptedClientHello = "string",
        ExpiredServerCert = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        Ports = new[]
        {
            0,
        },
        ProxyAfterTcpHandshake = "string",
        Quic = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    Imaps = new Fortimanager.Inputs.ObjectFirewallSslsshprofileImapsArgs
    {
        AllowInvalidServerCert = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        ExpiredServerCert = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        Ports = new[]
        {
            0,
        },
        ProxyAfterTcpHandshake = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    MapiOverHttps = "string",
    Name = "string",
    ObjectFirewallSslsshprofileId = "string",
    Pop3s = new Fortimanager.Inputs.ObjectFirewallSslsshprofilePop3sArgs
    {
        AllowInvalidServerCert = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        ExpiredServerCert = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        Ports = new[]
        {
            0,
        },
        ProxyAfterTcpHandshake = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    RpcOverHttps = "string",
    Scopetype = "string",
    ServerCert = "string",
    ServerCertMode = "string",
    Smtps = new Fortimanager.Inputs.ObjectFirewallSslsshprofileSmtpsArgs
    {
        AllowInvalidServerCert = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        ExpiredServerCert = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        Ports = new[]
        {
            0,
        },
        ProxyAfterTcpHandshake = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        Status = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    Ssh = new Fortimanager.Inputs.ObjectFirewallSslsshprofileSshArgs
    {
        InspectAll = "string",
        Ports = new[]
        {
            0,
        },
        ProxyAfterTcpHandshake = "string",
        SshAlgorithm = "string",
        SshPolicyCheck = "string",
        SshTunPolicyCheck = "string",
        Status = "string",
        UnsupportedVersion = "string",
    },
    Ssl = new Fortimanager.Inputs.ObjectFirewallSslsshprofileSslArgs
    {
        AllowInvalidServerCert = "string",
        CertProbeFailure = "string",
        CertValidationFailure = "string",
        CertValidationTimeout = "string",
        ClientCertRequest = "string",
        ClientCertificate = "string",
        EncryptedClientHello = "string",
        ExpiredServerCert = "string",
        InspectAll = "string",
        InvalidServerCert = "string",
        MinAllowedSslVersion = "string",
        RevokedServerCert = "string",
        SniServerCertCheck = "string",
        UnsupportedSsl = "string",
        UnsupportedSslCipher = "string",
        UnsupportedSslNegotiation = "string",
        UnsupportedSslVersion = "string",
        UntrustedCert = "string",
        UntrustedServerCert = "string",
    },
    SslAnomaliesLog = "string",
    SslAnomalyLog = "string",
    SslExemptionIpRating = "string",
    SslExemptionLog = "string",
    SslExemptionsLog = "string",
    SslExempts = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallSslsshprofileSslExemptArgs
        {
            Address = "string",
            Address6 = "string",
            FortiguardCategories = new[]
            {
                "string",
            },
            Id = 0,
            Regex = "string",
            Type = "string",
            WildcardFqdns = new[]
            {
                "string",
            },
        },
    },
    SslHandshakeLog = "string",
    SslNegotiationLog = "string",
    SslServerCertLog = "string",
    SslServers = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallSslsshprofileSslServerArgs
        {
            FtpsClientCertRequest = "string",
            FtpsClientCertificate = "string",
            HttpsClientCertRequest = "string",
            HttpsClientCertificate = "string",
            Id = 0,
            ImapsClientCertRequest = "string",
            ImapsClientCertificate = "string",
            Ip = "string",
            Pop3sClientCertRequest = "string",
            Pop3sClientCertificate = "string",
            SmtpsClientCertRequest = "string",
            SmtpsClientCertificate = "string",
            SslOtherClientCertRequest = "string",
            SslOtherClientCertificate = "string",
        },
    },
    SupportedAlpn = "string",
    UntrustedCaname = "string",
    UseSslServer = "string",
    Whitelist = "string",
});

example, err := fortimanager.NewObjectFirewallSslsshprofile(ctx, "objectFirewallSslsshprofileResource", &fortimanager.ObjectFirewallSslsshprofileArgs{
Adom: pulumi.String("string"),
Allowlist: pulumi.String("string"),
BlockBlacklistedCertificates: pulumi.String("string"),
BlockBlocklistedCertificates: pulumi.String("string"),
Caname: pulumi.String("string"),
Comment: pulumi.String("string"),
Dot: &.ObjectFirewallSslsshprofileDotTypeArgs{
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
ProxyAfterTcpHandshake: pulumi.String("string"),
Quic: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
DynamicSortSubtable: pulumi.String("string"),
EchOuterSnis: .ObjectFirewallSslsshprofileEchOuterSniTypeArray{
&.ObjectFirewallSslsshprofileEchOuterSniTypeArgs{
Name: pulumi.String("string"),
Sni: pulumi.String("string"),
},
},
Ftps: &.ObjectFirewallSslsshprofileFtpsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Https: &.ObjectFirewallSslsshprofileHttpsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertProbeFailure: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
EncryptedClientHello: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
Quic: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Imaps: &.ObjectFirewallSslsshprofileImapsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
MapiOverHttps: pulumi.String("string"),
Name: pulumi.String("string"),
ObjectFirewallSslsshprofileId: pulumi.String("string"),
Pop3s: &.ObjectFirewallSslsshprofilePop3sTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
RpcOverHttps: pulumi.String("string"),
Scopetype: pulumi.String("string"),
ServerCert: pulumi.String("string"),
ServerCertMode: pulumi.String("string"),
Smtps: &.ObjectFirewallSslsshprofileSmtpsTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
Ssh: &.ObjectFirewallSslsshprofileSshTypeArgs{
InspectAll: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
ProxyAfterTcpHandshake: pulumi.String("string"),
SshAlgorithm: pulumi.String("string"),
SshPolicyCheck: pulumi.String("string"),
SshTunPolicyCheck: pulumi.String("string"),
Status: pulumi.String("string"),
UnsupportedVersion: pulumi.String("string"),
},
Ssl: &.ObjectFirewallSslsshprofileSslTypeArgs{
AllowInvalidServerCert: pulumi.String("string"),
CertProbeFailure: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
EncryptedClientHello: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
InspectAll: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
},
SslAnomaliesLog: pulumi.String("string"),
SslAnomalyLog: pulumi.String("string"),
SslExemptionIpRating: pulumi.String("string"),
SslExemptionLog: pulumi.String("string"),
SslExemptionsLog: pulumi.String("string"),
SslExempts: .ObjectFirewallSslsshprofileSslExemptTypeArray{
&.ObjectFirewallSslsshprofileSslExemptTypeArgs{
Address: pulumi.String("string"),
Address6: pulumi.String("string"),
FortiguardCategories: pulumi.StringArray{
pulumi.String("string"),
},
Id: pulumi.Float64(0),
Regex: pulumi.String("string"),
Type: pulumi.String("string"),
WildcardFqdns: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslHandshakeLog: pulumi.String("string"),
SslNegotiationLog: pulumi.String("string"),
SslServerCertLog: pulumi.String("string"),
SslServers: .ObjectFirewallSslsshprofileSslServerTypeArray{
&.ObjectFirewallSslsshprofileSslServerTypeArgs{
FtpsClientCertRequest: pulumi.String("string"),
FtpsClientCertificate: pulumi.String("string"),
HttpsClientCertRequest: pulumi.String("string"),
HttpsClientCertificate: pulumi.String("string"),
Id: pulumi.Float64(0),
ImapsClientCertRequest: pulumi.String("string"),
ImapsClientCertificate: pulumi.String("string"),
Ip: pulumi.String("string"),
Pop3sClientCertRequest: pulumi.String("string"),
Pop3sClientCertificate: pulumi.String("string"),
SmtpsClientCertRequest: pulumi.String("string"),
SmtpsClientCertificate: pulumi.String("string"),
SslOtherClientCertRequest: pulumi.String("string"),
SslOtherClientCertificate: pulumi.String("string"),
},
},
SupportedAlpn: pulumi.String("string"),
UntrustedCaname: pulumi.String("string"),
UseSslServer: pulumi.String("string"),
Whitelist: pulumi.String("string"),
})

var objectFirewallSslsshprofileResource = new ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource", ObjectFirewallSslsshprofileArgs.builder()
    .adom("string")
    .allowlist("string")
    .blockBlacklistedCertificates("string")
    .blockBlocklistedCertificates("string")
    .caname("string")
    .comment("string")
    .dot(ObjectFirewallSslsshprofileDotArgs.builder()
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertificate("string")
        .expiredServerCert("string")
        .minAllowedSslVersion("string")
        .proxyAfterTcpHandshake("string")
        .quic("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedServerCert("string")
        .build())
    .dynamicSortSubtable("string")
    .echOuterSnis(ObjectFirewallSslsshprofileEchOuterSniArgs.builder()
        .name("string")
        .sni("string")
        .build())
    .ftps(ObjectFirewallSslsshprofileFtpsArgs.builder()
        .allowInvalidServerCert("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .expiredServerCert("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .ports(0)
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .https(ObjectFirewallSslsshprofileHttpsArgs.builder()
        .allowInvalidServerCert("string")
        .certProbeFailure("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .encryptedClientHello("string")
        .expiredServerCert("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .ports(0)
        .proxyAfterTcpHandshake("string")
        .quic("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .imaps(ObjectFirewallSslsshprofileImapsArgs.builder()
        .allowInvalidServerCert("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .expiredServerCert("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .ports(0)
        .proxyAfterTcpHandshake("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .mapiOverHttps("string")
    .name("string")
    .objectFirewallSslsshprofileId("string")
    .pop3s(ObjectFirewallSslsshprofilePop3sArgs.builder()
        .allowInvalidServerCert("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .expiredServerCert("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .ports(0)
        .proxyAfterTcpHandshake("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .rpcOverHttps("string")
    .scopetype("string")
    .serverCert("string")
    .serverCertMode("string")
    .smtps(ObjectFirewallSslsshprofileSmtpsArgs.builder()
        .allowInvalidServerCert("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .expiredServerCert("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .ports(0)
        .proxyAfterTcpHandshake("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .status("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .ssh(ObjectFirewallSslsshprofileSshArgs.builder()
        .inspectAll("string")
        .ports(0)
        .proxyAfterTcpHandshake("string")
        .sshAlgorithm("string")
        .sshPolicyCheck("string")
        .sshTunPolicyCheck("string")
        .status("string")
        .unsupportedVersion("string")
        .build())
    .ssl(ObjectFirewallSslsshprofileSslArgs.builder()
        .allowInvalidServerCert("string")
        .certProbeFailure("string")
        .certValidationFailure("string")
        .certValidationTimeout("string")
        .clientCertRequest("string")
        .clientCertificate("string")
        .encryptedClientHello("string")
        .expiredServerCert("string")
        .inspectAll("string")
        .invalidServerCert("string")
        .minAllowedSslVersion("string")
        .revokedServerCert("string")
        .sniServerCertCheck("string")
        .unsupportedSsl("string")
        .unsupportedSslCipher("string")
        .unsupportedSslNegotiation("string")
        .unsupportedSslVersion("string")
        .untrustedCert("string")
        .untrustedServerCert("string")
        .build())
    .sslAnomaliesLog("string")
    .sslAnomalyLog("string")
    .sslExemptionIpRating("string")
    .sslExemptionLog("string")
    .sslExemptionsLog("string")
    .sslExempts(ObjectFirewallSslsshprofileSslExemptArgs.builder()
        .address("string")
        .address6("string")
        .fortiguardCategories("string")
        .id(0)
        .regex("string")
        .type("string")
        .wildcardFqdns("string")
        .build())
    .sslHandshakeLog("string")
    .sslNegotiationLog("string")
    .sslServerCertLog("string")
    .sslServers(ObjectFirewallSslsshprofileSslServerArgs.builder()
        .ftpsClientCertRequest("string")
        .ftpsClientCertificate("string")
        .httpsClientCertRequest("string")
        .httpsClientCertificate("string")
        .id(0)
        .imapsClientCertRequest("string")
        .imapsClientCertificate("string")
        .ip("string")
        .pop3sClientCertRequest("string")
        .pop3sClientCertificate("string")
        .smtpsClientCertRequest("string")
        .smtpsClientCertificate("string")
        .sslOtherClientCertRequest("string")
        .sslOtherClientCertificate("string")
        .build())
    .supportedAlpn("string")
    .untrustedCaname("string")
    .useSslServer("string")
    .whitelist("string")
    .build());

object_firewall_sslsshprofile_resource = fortimanager.ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource",
    adom="string",
    allowlist="string",
    block_blacklisted_certificates="string",
    block_blocklisted_certificates="string",
    caname="string",
    comment="string",
    dot={
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_certificate": "string",
        "expired_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "proxy_after_tcp_handshake": "string",
        "quic": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_server_cert": "string",
    },
    dynamic_sort_subtable="string",
    ech_outer_snis=[{
        "name": "string",
        "sni": "string",
    }],
    ftps={
        "allow_invalid_server_cert": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "expired_server_cert": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "ports": [0],
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    https={
        "allow_invalid_server_cert": "string",
        "cert_probe_failure": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "encrypted_client_hello": "string",
        "expired_server_cert": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "ports": [0],
        "proxy_after_tcp_handshake": "string",
        "quic": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    imaps={
        "allow_invalid_server_cert": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "expired_server_cert": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "ports": [0],
        "proxy_after_tcp_handshake": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    mapi_over_https="string",
    name="string",
    object_firewall_sslsshprofile_id="string",
    pop3s={
        "allow_invalid_server_cert": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "expired_server_cert": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "ports": [0],
        "proxy_after_tcp_handshake": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    rpc_over_https="string",
    scopetype="string",
    server_cert="string",
    server_cert_mode="string",
    smtps={
        "allow_invalid_server_cert": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "expired_server_cert": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "ports": [0],
        "proxy_after_tcp_handshake": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "status": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    ssh={
        "inspect_all": "string",
        "ports": [0],
        "proxy_after_tcp_handshake": "string",
        "ssh_algorithm": "string",
        "ssh_policy_check": "string",
        "ssh_tun_policy_check": "string",
        "status": "string",
        "unsupported_version": "string",
    },
    ssl={
        "allow_invalid_server_cert": "string",
        "cert_probe_failure": "string",
        "cert_validation_failure": "string",
        "cert_validation_timeout": "string",
        "client_cert_request": "string",
        "client_certificate": "string",
        "encrypted_client_hello": "string",
        "expired_server_cert": "string",
        "inspect_all": "string",
        "invalid_server_cert": "string",
        "min_allowed_ssl_version": "string",
        "revoked_server_cert": "string",
        "sni_server_cert_check": "string",
        "unsupported_ssl": "string",
        "unsupported_ssl_cipher": "string",
        "unsupported_ssl_negotiation": "string",
        "unsupported_ssl_version": "string",
        "untrusted_cert": "string",
        "untrusted_server_cert": "string",
    },
    ssl_anomalies_log="string",
    ssl_anomaly_log="string",
    ssl_exemption_ip_rating="string",
    ssl_exemption_log="string",
    ssl_exemptions_log="string",
    ssl_exempts=[{
        "address": "string",
        "address6": "string",
        "fortiguard_categories": ["string"],
        "id": 0,
        "regex": "string",
        "type": "string",
        "wildcard_fqdns": ["string"],
    }],
    ssl_handshake_log="string",
    ssl_negotiation_log="string",
    ssl_server_cert_log="string",
    ssl_servers=[{
        "ftps_client_cert_request": "string",
        "ftps_client_certificate": "string",
        "https_client_cert_request": "string",
        "https_client_certificate": "string",
        "id": 0,
        "imaps_client_cert_request": "string",
        "imaps_client_certificate": "string",
        "ip": "string",
        "pop3s_client_cert_request": "string",
        "pop3s_client_certificate": "string",
        "smtps_client_cert_request": "string",
        "smtps_client_certificate": "string",
        "ssl_other_client_cert_request": "string",
        "ssl_other_client_certificate": "string",
    }],
    supported_alpn="string",
    untrusted_caname="string",
    use_ssl_server="string",
    whitelist="string")

const objectFirewallSslsshprofileResource = new fortimanager.ObjectFirewallSslsshprofile("objectFirewallSslsshprofileResource", {
    adom: "string",
    allowlist: "string",
    blockBlacklistedCertificates: "string",
    blockBlocklistedCertificates: "string",
    caname: "string",
    comment: "string",
    dot: {
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertificate: "string",
        expiredServerCert: "string",
        minAllowedSslVersion: "string",
        proxyAfterTcpHandshake: "string",
        quic: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedServerCert: "string",
    },
    dynamicSortSubtable: "string",
    echOuterSnis: [{
        name: "string",
        sni: "string",
    }],
    ftps: {
        allowInvalidServerCert: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        expiredServerCert: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        ports: [0],
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    https: {
        allowInvalidServerCert: "string",
        certProbeFailure: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        encryptedClientHello: "string",
        expiredServerCert: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        ports: [0],
        proxyAfterTcpHandshake: "string",
        quic: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    imaps: {
        allowInvalidServerCert: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        expiredServerCert: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        ports: [0],
        proxyAfterTcpHandshake: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    mapiOverHttps: "string",
    name: "string",
    objectFirewallSslsshprofileId: "string",
    pop3s: {
        allowInvalidServerCert: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        expiredServerCert: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        ports: [0],
        proxyAfterTcpHandshake: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    rpcOverHttps: "string",
    scopetype: "string",
    serverCert: "string",
    serverCertMode: "string",
    smtps: {
        allowInvalidServerCert: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        expiredServerCert: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        ports: [0],
        proxyAfterTcpHandshake: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        status: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    ssh: {
        inspectAll: "string",
        ports: [0],
        proxyAfterTcpHandshake: "string",
        sshAlgorithm: "string",
        sshPolicyCheck: "string",
        sshTunPolicyCheck: "string",
        status: "string",
        unsupportedVersion: "string",
    },
    ssl: {
        allowInvalidServerCert: "string",
        certProbeFailure: "string",
        certValidationFailure: "string",
        certValidationTimeout: "string",
        clientCertRequest: "string",
        clientCertificate: "string",
        encryptedClientHello: "string",
        expiredServerCert: "string",
        inspectAll: "string",
        invalidServerCert: "string",
        minAllowedSslVersion: "string",
        revokedServerCert: "string",
        sniServerCertCheck: "string",
        unsupportedSsl: "string",
        unsupportedSslCipher: "string",
        unsupportedSslNegotiation: "string",
        unsupportedSslVersion: "string",
        untrustedCert: "string",
        untrustedServerCert: "string",
    },
    sslAnomaliesLog: "string",
    sslAnomalyLog: "string",
    sslExemptionIpRating: "string",
    sslExemptionLog: "string",
    sslExemptionsLog: "string",
    sslExempts: [{
        address: "string",
        address6: "string",
        fortiguardCategories: ["string"],
        id: 0,
        regex: "string",
        type: "string",
        wildcardFqdns: ["string"],
    }],
    sslHandshakeLog: "string",
    sslNegotiationLog: "string",
    sslServerCertLog: "string",
    sslServers: [{
        ftpsClientCertRequest: "string",
        ftpsClientCertificate: "string",
        httpsClientCertRequest: "string",
        httpsClientCertificate: "string",
        id: 0,
        imapsClientCertRequest: "string",
        imapsClientCertificate: "string",
        ip: "string",
        pop3sClientCertRequest: "string",
        pop3sClientCertificate: "string",
        smtpsClientCertRequest: "string",
        smtpsClientCertificate: "string",
        sslOtherClientCertRequest: "string",
        sslOtherClientCertificate: "string",
    }],
    supportedAlpn: "string",
    untrustedCaname: "string",
    useSslServer: "string",
    whitelist: "string",
});

type: fortimanager:ObjectFirewallSslsshprofile
properties:
    adom: string
    allowlist: string
    blockBlacklistedCertificates: string
    blockBlocklistedCertificates: string
    caname: string
    comment: string
    dot:
        certValidationFailure: string
        certValidationTimeout: string
        clientCertificate: string
        expiredServerCert: string
        minAllowedSslVersion: string
        proxyAfterTcpHandshake: string
        quic: string
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedServerCert: string
    dynamicSortSubtable: string
    echOuterSnis:
        - name: string
          sni: string
    ftps:
        allowInvalidServerCert: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        expiredServerCert: string
        invalidServerCert: string
        minAllowedSslVersion: string
        ports:
            - 0
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    https:
        allowInvalidServerCert: string
        certProbeFailure: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        encryptedClientHello: string
        expiredServerCert: string
        invalidServerCert: string
        minAllowedSslVersion: string
        ports:
            - 0
        proxyAfterTcpHandshake: string
        quic: string
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    imaps:
        allowInvalidServerCert: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        expiredServerCert: string
        invalidServerCert: string
        minAllowedSslVersion: string
        ports:
            - 0
        proxyAfterTcpHandshake: string
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    mapiOverHttps: string
    name: string
    objectFirewallSslsshprofileId: string
    pop3s:
        allowInvalidServerCert: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        expiredServerCert: string
        invalidServerCert: string
        minAllowedSslVersion: string
        ports:
            - 0
        proxyAfterTcpHandshake: string
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    rpcOverHttps: string
    scopetype: string
    serverCert: string
    serverCertMode: string
    smtps:
        allowInvalidServerCert: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        expiredServerCert: string
        invalidServerCert: string
        minAllowedSslVersion: string
        ports:
            - 0
        proxyAfterTcpHandshake: string
        revokedServerCert: string
        sniServerCertCheck: string
        status: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    ssh:
        inspectAll: string
        ports:
            - 0
        proxyAfterTcpHandshake: string
        sshAlgorithm: string
        sshPolicyCheck: string
        sshTunPolicyCheck: string
        status: string
        unsupportedVersion: string
    ssl:
        allowInvalidServerCert: string
        certProbeFailure: string
        certValidationFailure: string
        certValidationTimeout: string
        clientCertRequest: string
        clientCertificate: string
        encryptedClientHello: string
        expiredServerCert: string
        inspectAll: string
        invalidServerCert: string
        minAllowedSslVersion: string
        revokedServerCert: string
        sniServerCertCheck: string
        unsupportedSsl: string
        unsupportedSslCipher: string
        unsupportedSslNegotiation: string
        unsupportedSslVersion: string
        untrustedCert: string
        untrustedServerCert: string
    sslAnomaliesLog: string
    sslAnomalyLog: string
    sslExemptionIpRating: string
    sslExemptionLog: string
    sslExemptionsLog: string
    sslExempts:
        - address: string
          address6: string
          fortiguardCategories:
            - string
          id: 0
          regex: string
          type: string
          wildcardFqdns:
            - string
    sslHandshakeLog: string
    sslNegotiationLog: string
    sslServerCertLog: string
    sslServers:
        - ftpsClientCertRequest: string
          ftpsClientCertificate: string
          httpsClientCertRequest: string
          httpsClientCertificate: string
          id: 0
          imapsClientCertRequest: string
          imapsClientCertificate: string
          ip: string
          pop3sClientCertRequest: string
          pop3sClientCertificate: string
          smtpsClientCertRequest: string
          smtpsClientCertificate: string
          sslOtherClientCertRequest: string
          sslOtherClientCertificate: string
    supportedAlpn: string
    untrustedCaname: string
    useSslServer: string
    whitelist: string

ObjectFirewallSslsshprofile Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ObjectFirewallSslsshprofile resource accepts the following input properties:

Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Allowlist string: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
BlockBlacklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
BlockBlocklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
Caname string: CA certificate used by SSL Inspection.
Comment string: Optional comments.
Dot ObjectFirewallSslsshprofileDot: Dot. The structure of dot block is documented below.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EchOuterSnis List<ObjectFirewallSslsshprofileEchOuterSni>: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
Ftps ObjectFirewallSslsshprofileFtps: Ftps. The structure of ftps block is documented below.
Https ObjectFirewallSslsshprofileHttps: Https. The structure of https block is documented below.
Imaps ObjectFirewallSslsshprofileImaps: Imaps. The structure of imaps block is documented below.
MapiOverHttps string: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
Name string: Name.
ObjectFirewallSslsshprofileId string: an identifier for the resource with format {{name}}.
Pop3s ObjectFirewallSslsshprofilePop3s: Pop3S. The structure of pop3s block is documented below.
RpcOverHttps string: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerCert string: Certificate used by SSL Inspection to replace server certificate.
ServerCertMode string: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
Smtps ObjectFirewallSslsshprofileSmtps: Smtps. The structure of smtps block is documented below.
Ssh ObjectFirewallSslsshprofileSsh: Ssh. The structure of ssh block is documented below.
Ssl ObjectFirewallSslsshprofileSsl: Ssl. The structure of ssl block is documented below.
SslAnomaliesLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslAnomalyLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslExemptionIpRating string: Enable/disable IP based URL rating. Valid values: disable, enable.
SslExemptionLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExemptionsLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExempts List<ObjectFirewallSslsshprofileSslExempt>: Ssl-Exempt. The structure of ssl_exempt block is documented below.
SslHandshakeLog string: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
SslNegotiationLog string: Enable/disable logging SSL negotiation. Valid values: disable, enable.
SslServerCertLog string: Enable/disable logging of server certificate information. Valid values: disable, enable.
SslServers List<ObjectFirewallSslsshprofileSslServer>: Ssl-Server. The structure of ssl_server block is documented below.
SupportedAlpn string: Configure ALPN option. Valid values: none, http1-1, http2, all.
UntrustedCaname string: Untrusted CA certificate used by SSL Inspection.
UseSslServer string: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
Whitelist string: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Allowlist string: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
BlockBlacklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
BlockBlocklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
Caname string: CA certificate used by SSL Inspection.
Comment string: Optional comments.
Dot ObjectFirewallSslsshprofileDotTypeArgs: Dot. The structure of dot block is documented below.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EchOuterSnis []ObjectFirewallSslsshprofileEchOuterSniTypeArgs: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
Ftps ObjectFirewallSslsshprofileFtpsTypeArgs: Ftps. The structure of ftps block is documented below.
Https ObjectFirewallSslsshprofileHttpsTypeArgs: Https. The structure of https block is documented below.
Imaps ObjectFirewallSslsshprofileImapsTypeArgs: Imaps. The structure of imaps block is documented below.
MapiOverHttps string: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
Name string: Name.
ObjectFirewallSslsshprofileId string: an identifier for the resource with format {{name}}.
Pop3s ObjectFirewallSslsshprofilePop3sTypeArgs: Pop3S. The structure of pop3s block is documented below.
RpcOverHttps string: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerCert string: Certificate used by SSL Inspection to replace server certificate.
ServerCertMode string: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
Smtps ObjectFirewallSslsshprofileSmtpsTypeArgs: Smtps. The structure of smtps block is documented below.
Ssh ObjectFirewallSslsshprofileSshTypeArgs: Ssh. The structure of ssh block is documented below.
Ssl ObjectFirewallSslsshprofileSslTypeArgs: Ssl. The structure of ssl block is documented below.
SslAnomaliesLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslAnomalyLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslExemptionIpRating string: Enable/disable IP based URL rating. Valid values: disable, enable.
SslExemptionLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExemptionsLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExempts []ObjectFirewallSslsshprofileSslExemptTypeArgs: Ssl-Exempt. The structure of ssl_exempt block is documented below.
SslHandshakeLog string: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
SslNegotiationLog string: Enable/disable logging SSL negotiation. Valid values: disable, enable.
SslServerCertLog string: Enable/disable logging of server certificate information. Valid values: disable, enable.
SslServers []ObjectFirewallSslsshprofileSslServerTypeArgs: Ssl-Server. The structure of ssl_server block is documented below.
SupportedAlpn string: Configure ALPN option. Valid values: none, http1-1, http2, all.
UntrustedCaname string: Untrusted CA certificate used by SSL Inspection.
UseSslServer string: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
Whitelist string: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist String: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates String: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates String: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname String: CA certificate used by SSL Inspection.
comment String: Optional comments.
dot ObjectFirewallSslsshprofileDot: Dot. The structure of dot block is documented below.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis List<ObjectFirewallSslsshprofileEchOuterSni>: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtps: Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttps: Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImaps: Imaps. The structure of imaps block is documented below.
mapiOverHttps String: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name String: Name.
objectFirewallSslsshprofileId String: an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3s: Pop3S. The structure of pop3s block is documented below.
rpcOverHttps String: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert String: Certificate used by SSL Inspection to replace server certificate.
serverCertMode String: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtps: Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSsh: Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSsl: Ssl. The structure of ssl block is documented below.
sslAnomaliesLog String: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog String: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating String: Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog String: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog String: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts List<ObjectFirewallSslsshprofileSslExempt>: Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog String: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog String: Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog String: Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers List<ObjectFirewallSslsshprofileSslServer>: Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn String: Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname String: Untrusted CA certificate used by SSL Inspection.
useSslServer String: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist String: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist string: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname string: CA certificate used by SSL Inspection.
comment string: Optional comments.
dot ObjectFirewallSslsshprofileDot: Dot. The structure of dot block is documented below.
dynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis ObjectFirewallSslsshprofileEchOuterSni[]: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtps: Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttps: Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImaps: Imaps. The structure of imaps block is documented below.
mapiOverHttps string: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name string: Name.
objectFirewallSslsshprofileId string: an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3s: Pop3S. The structure of pop3s block is documented below.
rpcOverHttps string: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert string: Certificate used by SSL Inspection to replace server certificate.
serverCertMode string: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtps: Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSsh: Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSsl: Ssl. The structure of ssl block is documented below.
sslAnomaliesLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating string: Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts ObjectFirewallSslsshprofileSslExempt[]: Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog string: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog string: Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog string: Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers ObjectFirewallSslsshprofileSslServer[]: Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn string: Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname string: Untrusted CA certificate used by SSL Inspection.
useSslServer string: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist string: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

adom str: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist str: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
block_blacklisted_certificates str: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
block_blocklisted_certificates str: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname str: CA certificate used by SSL Inspection.
comment str: Optional comments.
dot ObjectFirewallSslsshprofileDotArgs: Dot. The structure of dot block is documented below.
dynamic_sort_subtable str: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
ech_outer_snis Sequence[ObjectFirewallSslsshprofileEchOuterSniArgs]: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtpsArgs: Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttpsArgs: Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImapsArgs: Imaps. The structure of imaps block is documented below.
mapi_over_https str: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name str: Name.
object_firewall_sslsshprofile_id str: an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3sArgs: Pop3S. The structure of pop3s block is documented below.
rpc_over_https str: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype str: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
server_cert str: Certificate used by SSL Inspection to replace server certificate.
server_cert_mode str: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtpsArgs: Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSshArgs: Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSslArgs: Ssl. The structure of ssl block is documented below.
ssl_anomalies_log str: Enable/disable logging SSL anomalies. Valid values: disable, enable.
ssl_anomaly_log str: Enable/disable logging SSL anomalies. Valid values: disable, enable.
ssl_exemption_ip_rating str: Enable/disable IP based URL rating. Valid values: disable, enable.
ssl_exemption_log str: Enable/disable logging SSL exemptions. Valid values: disable, enable.
ssl_exemptions_log str: Enable/disable logging SSL exemptions. Valid values: disable, enable.
ssl_exempts Sequence[ObjectFirewallSslsshprofileSslExemptArgs]: Ssl-Exempt. The structure of ssl_exempt block is documented below.
ssl_handshake_log str: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
ssl_negotiation_log str: Enable/disable logging SSL negotiation. Valid values: disable, enable.
ssl_server_cert_log str: Enable/disable logging of server certificate information. Valid values: disable, enable.
ssl_servers Sequence[ObjectFirewallSslsshprofileSslServerArgs]: Ssl-Server. The structure of ssl_server block is documented below.
supported_alpn str: Configure ALPN option. Valid values: none, http1-1, http2, all.
untrusted_caname str: Untrusted CA certificate used by SSL Inspection.
use_ssl_server str: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist str: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist String: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates String: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates String: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname String: CA certificate used by SSL Inspection.
comment String: Optional comments.
dot Property Map: Dot. The structure of dot block is documented below.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis List<Property Map>: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps Property Map: Ftps. The structure of ftps block is documented below.
https Property Map: Https. The structure of https block is documented below.
imaps Property Map: Imaps. The structure of imaps block is documented below.
mapiOverHttps String: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name String: Name.
objectFirewallSslsshprofileId String: an identifier for the resource with format {{name}}.
pop3s Property Map: Pop3S. The structure of pop3s block is documented below.
rpcOverHttps String: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert String: Certificate used by SSL Inspection to replace server certificate.
serverCertMode String: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps Property Map: Smtps. The structure of smtps block is documented below.
ssh Property Map: Ssh. The structure of ssh block is documented below.
ssl Property Map: Ssl. The structure of ssl block is documented below.
sslAnomaliesLog String: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog String: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating String: Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog String: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog String: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts List<Property Map>: Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog String: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog String: Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog String: Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers List<Property Map>: Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn String: Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname String: Untrusted CA certificate used by SSL Inspection.
useSslServer String: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist String: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

Outputs

All input properties are implicitly available as output properties. Additionally, the ObjectFirewallSslsshprofile resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing ObjectFirewallSslsshprofile Resource

Get an existing ObjectFirewallSslsshprofile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ObjectFirewallSslsshprofileState, opts?: CustomResourceOptions): ObjectFirewallSslsshprofile

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        adom: Optional[str] = None,
        allowlist: Optional[str] = None,
        block_blacklisted_certificates: Optional[str] = None,
        block_blocklisted_certificates: Optional[str] = None,
        caname: Optional[str] = None,
        comment: Optional[str] = None,
        dot: Optional[ObjectFirewallSslsshprofileDotArgs] = None,
        dynamic_sort_subtable: Optional[str] = None,
        ech_outer_snis: Optional[Sequence[ObjectFirewallSslsshprofileEchOuterSniArgs]] = None,
        ftps: Optional[ObjectFirewallSslsshprofileFtpsArgs] = None,
        https: Optional[ObjectFirewallSslsshprofileHttpsArgs] = None,
        imaps: Optional[ObjectFirewallSslsshprofileImapsArgs] = None,
        mapi_over_https: Optional[str] = None,
        name: Optional[str] = None,
        object_firewall_sslsshprofile_id: Optional[str] = None,
        pop3s: Optional[ObjectFirewallSslsshprofilePop3sArgs] = None,
        rpc_over_https: Optional[str] = None,
        scopetype: Optional[str] = None,
        server_cert: Optional[str] = None,
        server_cert_mode: Optional[str] = None,
        smtps: Optional[ObjectFirewallSslsshprofileSmtpsArgs] = None,
        ssh: Optional[ObjectFirewallSslsshprofileSshArgs] = None,
        ssl: Optional[ObjectFirewallSslsshprofileSslArgs] = None,
        ssl_anomalies_log: Optional[str] = None,
        ssl_anomaly_log: Optional[str] = None,
        ssl_exemption_ip_rating: Optional[str] = None,
        ssl_exemption_log: Optional[str] = None,
        ssl_exemptions_log: Optional[str] = None,
        ssl_exempts: Optional[Sequence[ObjectFirewallSslsshprofileSslExemptArgs]] = None,
        ssl_handshake_log: Optional[str] = None,
        ssl_negotiation_log: Optional[str] = None,
        ssl_server_cert_log: Optional[str] = None,
        ssl_servers: Optional[Sequence[ObjectFirewallSslsshprofileSslServerArgs]] = None,
        supported_alpn: Optional[str] = None,
        untrusted_caname: Optional[str] = None,
        use_ssl_server: Optional[str] = None,
        whitelist: Optional[str] = None) -> ObjectFirewallSslsshprofile

func GetObjectFirewallSslsshprofile(ctx *Context, name string, id IDInput, state *ObjectFirewallSslsshprofileState, opts ...ResourceOption) (*ObjectFirewallSslsshprofile, error)

public static ObjectFirewallSslsshprofile Get(string name, Input<string> id, ObjectFirewallSslsshprofileState? state, CustomResourceOptions? opts = null)

public static ObjectFirewallSslsshprofile get(String name, Output<String> id, ObjectFirewallSslsshprofileState state, CustomResourceOptions options)

resources:  _:    type: fortimanager:ObjectFirewallSslsshprofile    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Allowlist string: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
BlockBlacklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
BlockBlocklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
Caname string: CA certificate used by SSL Inspection.
Comment string: Optional comments.
Dot ObjectFirewallSslsshprofileDot: Dot. The structure of dot block is documented below.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EchOuterSnis List<ObjectFirewallSslsshprofileEchOuterSni>: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
Ftps ObjectFirewallSslsshprofileFtps: Ftps. The structure of ftps block is documented below.
Https ObjectFirewallSslsshprofileHttps: Https. The structure of https block is documented below.
Imaps ObjectFirewallSslsshprofileImaps: Imaps. The structure of imaps block is documented below.
MapiOverHttps string: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
Name string: Name.
ObjectFirewallSslsshprofileId string: an identifier for the resource with format {{name}}.
Pop3s ObjectFirewallSslsshprofilePop3s: Pop3S. The structure of pop3s block is documented below.
RpcOverHttps string: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerCert string: Certificate used by SSL Inspection to replace server certificate.
ServerCertMode string: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
Smtps ObjectFirewallSslsshprofileSmtps: Smtps. The structure of smtps block is documented below.
Ssh ObjectFirewallSslsshprofileSsh: Ssh. The structure of ssh block is documented below.
Ssl ObjectFirewallSslsshprofileSsl: Ssl. The structure of ssl block is documented below.
SslAnomaliesLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslAnomalyLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslExemptionIpRating string: Enable/disable IP based URL rating. Valid values: disable, enable.
SslExemptionLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExemptionsLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExempts List<ObjectFirewallSslsshprofileSslExempt>: Ssl-Exempt. The structure of ssl_exempt block is documented below.
SslHandshakeLog string: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
SslNegotiationLog string: Enable/disable logging SSL negotiation. Valid values: disable, enable.
SslServerCertLog string: Enable/disable logging of server certificate information. Valid values: disable, enable.
SslServers List<ObjectFirewallSslsshprofileSslServer>: Ssl-Server. The structure of ssl_server block is documented below.
SupportedAlpn string: Configure ALPN option. Valid values: none, http1-1, http2, all.
UntrustedCaname string: Untrusted CA certificate used by SSL Inspection.
UseSslServer string: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
Whitelist string: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Allowlist string: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
BlockBlacklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
BlockBlocklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
Caname string: CA certificate used by SSL Inspection.
Comment string: Optional comments.
Dot ObjectFirewallSslsshprofileDotTypeArgs: Dot. The structure of dot block is documented below.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EchOuterSnis []ObjectFirewallSslsshprofileEchOuterSniTypeArgs: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
Ftps ObjectFirewallSslsshprofileFtpsTypeArgs: Ftps. The structure of ftps block is documented below.
Https ObjectFirewallSslsshprofileHttpsTypeArgs: Https. The structure of https block is documented below.
Imaps ObjectFirewallSslsshprofileImapsTypeArgs: Imaps. The structure of imaps block is documented below.
MapiOverHttps string: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
Name string: Name.
ObjectFirewallSslsshprofileId string: an identifier for the resource with format {{name}}.
Pop3s ObjectFirewallSslsshprofilePop3sTypeArgs: Pop3S. The structure of pop3s block is documented below.
RpcOverHttps string: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerCert string: Certificate used by SSL Inspection to replace server certificate.
ServerCertMode string: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
Smtps ObjectFirewallSslsshprofileSmtpsTypeArgs: Smtps. The structure of smtps block is documented below.
Ssh ObjectFirewallSslsshprofileSshTypeArgs: Ssh. The structure of ssh block is documented below.
Ssl ObjectFirewallSslsshprofileSslTypeArgs: Ssl. The structure of ssl block is documented below.
SslAnomaliesLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslAnomalyLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
SslExemptionIpRating string: Enable/disable IP based URL rating. Valid values: disable, enable.
SslExemptionLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExemptionsLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
SslExempts []ObjectFirewallSslsshprofileSslExemptTypeArgs: Ssl-Exempt. The structure of ssl_exempt block is documented below.
SslHandshakeLog string: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
SslNegotiationLog string: Enable/disable logging SSL negotiation. Valid values: disable, enable.
SslServerCertLog string: Enable/disable logging of server certificate information. Valid values: disable, enable.
SslServers []ObjectFirewallSslsshprofileSslServerTypeArgs: Ssl-Server. The structure of ssl_server block is documented below.
SupportedAlpn string: Configure ALPN option. Valid values: none, http1-1, http2, all.
UntrustedCaname string: Untrusted CA certificate used by SSL Inspection.
UseSslServer string: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
Whitelist string: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist String: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates String: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates String: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname String: CA certificate used by SSL Inspection.
comment String: Optional comments.
dot ObjectFirewallSslsshprofileDot: Dot. The structure of dot block is documented below.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis List<ObjectFirewallSslsshprofileEchOuterSni>: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtps: Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttps: Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImaps: Imaps. The structure of imaps block is documented below.
mapiOverHttps String: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name String: Name.
objectFirewallSslsshprofileId String: an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3s: Pop3S. The structure of pop3s block is documented below.
rpcOverHttps String: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert String: Certificate used by SSL Inspection to replace server certificate.
serverCertMode String: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtps: Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSsh: Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSsl: Ssl. The structure of ssl block is documented below.
sslAnomaliesLog String: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog String: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating String: Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog String: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog String: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts List<ObjectFirewallSslsshprofileSslExempt>: Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog String: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog String: Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog String: Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers List<ObjectFirewallSslsshprofileSslServer>: Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn String: Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname String: Untrusted CA certificate used by SSL Inspection.
useSslServer String: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist String: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist string: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates string: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname string: CA certificate used by SSL Inspection.
comment string: Optional comments.
dot ObjectFirewallSslsshprofileDot: Dot. The structure of dot block is documented below.
dynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis ObjectFirewallSslsshprofileEchOuterSni[]: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtps: Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttps: Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImaps: Imaps. The structure of imaps block is documented below.
mapiOverHttps string: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name string: Name.
objectFirewallSslsshprofileId string: an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3s: Pop3S. The structure of pop3s block is documented below.
rpcOverHttps string: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert string: Certificate used by SSL Inspection to replace server certificate.
serverCertMode string: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtps: Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSsh: Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSsl: Ssl. The structure of ssl block is documented below.
sslAnomaliesLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog string: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating string: Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog string: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts ObjectFirewallSslsshprofileSslExempt[]: Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog string: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog string: Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog string: Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers ObjectFirewallSslsshprofileSslServer[]: Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn string: Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname string: Untrusted CA certificate used by SSL Inspection.
useSslServer string: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist string: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

adom str: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist str: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
block_blacklisted_certificates str: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
block_blocklisted_certificates str: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname str: CA certificate used by SSL Inspection.
comment str: Optional comments.
dot ObjectFirewallSslsshprofileDotArgs: Dot. The structure of dot block is documented below.
dynamic_sort_subtable str: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
ech_outer_snis Sequence[ObjectFirewallSslsshprofileEchOuterSniArgs]: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps ObjectFirewallSslsshprofileFtpsArgs: Ftps. The structure of ftps block is documented below.
https ObjectFirewallSslsshprofileHttpsArgs: Https. The structure of https block is documented below.
imaps ObjectFirewallSslsshprofileImapsArgs: Imaps. The structure of imaps block is documented below.
mapi_over_https str: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name str: Name.
object_firewall_sslsshprofile_id str: an identifier for the resource with format {{name}}.
pop3s ObjectFirewallSslsshprofilePop3sArgs: Pop3S. The structure of pop3s block is documented below.
rpc_over_https str: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype str: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
server_cert str: Certificate used by SSL Inspection to replace server certificate.
server_cert_mode str: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps ObjectFirewallSslsshprofileSmtpsArgs: Smtps. The structure of smtps block is documented below.
ssh ObjectFirewallSslsshprofileSshArgs: Ssh. The structure of ssh block is documented below.
ssl ObjectFirewallSslsshprofileSslArgs: Ssl. The structure of ssl block is documented below.
ssl_anomalies_log str: Enable/disable logging SSL anomalies. Valid values: disable, enable.
ssl_anomaly_log str: Enable/disable logging SSL anomalies. Valid values: disable, enable.
ssl_exemption_ip_rating str: Enable/disable IP based URL rating. Valid values: disable, enable.
ssl_exemption_log str: Enable/disable logging SSL exemptions. Valid values: disable, enable.
ssl_exemptions_log str: Enable/disable logging SSL exemptions. Valid values: disable, enable.
ssl_exempts Sequence[ObjectFirewallSslsshprofileSslExemptArgs]: Ssl-Exempt. The structure of ssl_exempt block is documented below.
ssl_handshake_log str: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
ssl_negotiation_log str: Enable/disable logging SSL negotiation. Valid values: disable, enable.
ssl_server_cert_log str: Enable/disable logging of server certificate information. Valid values: disable, enable.
ssl_servers Sequence[ObjectFirewallSslsshprofileSslServerArgs]: Ssl-Server. The structure of ssl_server block is documented below.
supported_alpn str: Configure ALPN option. Valid values: none, http1-1, http2, all.
untrusted_caname str: Untrusted CA certificate used by SSL Inspection.
use_ssl_server str: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist str: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowlist String: Enable/disable exempting servers by FortiGuard allowlist. Valid values: disable, enable.
blockBlacklistedCertificates String: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
blockBlocklistedCertificates String: Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
caname String: CA certificate used by SSL Inspection.
comment String: Optional comments.
dot Property Map: Dot. The structure of dot block is documented below.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
echOuterSnis List<Property Map>: Ech-Outer-Sni. The structure of ech_outer_sni block is documented below.
ftps Property Map: Ftps. The structure of ftps block is documented below.
https Property Map: Https. The structure of https block is documented below.
imaps Property Map: Imaps. The structure of imaps block is documented below.
mapiOverHttps String: Enable/disable inspection of MAPI over HTTPS. Valid values: disable, enable.
name String: Name.
objectFirewallSslsshprofileId String: an identifier for the resource with format {{name}}.
pop3s Property Map: Pop3S. The structure of pop3s block is documented below.
rpcOverHttps String: Enable/disable inspection of RPC over HTTPS. Valid values: disable, enable.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverCert String: Certificate used by SSL Inspection to replace server certificate.
serverCertMode String: Re-sign or replace the server's certificate. Valid values: re-sign, replace.
smtps Property Map: Smtps. The structure of smtps block is documented below.
ssh Property Map: Ssh. The structure of ssh block is documented below.
ssl Property Map: Ssl. The structure of ssl block is documented below.
sslAnomaliesLog String: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslAnomalyLog String: Enable/disable logging SSL anomalies. Valid values: disable, enable.
sslExemptionIpRating String: Enable/disable IP based URL rating. Valid values: disable, enable.
sslExemptionLog String: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExemptionsLog String: Enable/disable logging SSL exemptions. Valid values: disable, enable.
sslExempts List<Property Map>: Ssl-Exempt. The structure of ssl_exempt block is documented below.
sslHandshakeLog String: Enable/disable logging of TLS handshakes. Valid values: disable, enable.
sslNegotiationLog String: Enable/disable logging SSL negotiation. Valid values: disable, enable.
sslServerCertLog String: Enable/disable logging of server certificate information. Valid values: disable, enable.
sslServers List<Property Map>: Ssl-Server. The structure of ssl_server block is documented below.
supportedAlpn String: Configure ALPN option. Valid values: none, http1-1, http2, all.
untrustedCaname String: Untrusted CA certificate used by SSL Inspection.
useSslServer String: Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
whitelist String: Enable/disable exempting servers by FortiGuard whitelist. Valid values: disable, enable.

Supporting Types

ObjectFirewallSslsshprofileDot, ObjectFirewallSslsshprofileDotArgs

CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
MinAllowedSslVersion string: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ProxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
Quic string: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
Status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: block, allow.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
MinAllowedSslVersion string: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ProxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
Quic string: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
Status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: block, allow.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
minAllowedSslVersion String: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
proxyAfterTcpHandshake String: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic String: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
status String: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: block, allow.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

certValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
minAllowedSslVersion string: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
proxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic string: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: block, allow.
unsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
unsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

cert_validation_failure str: Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str: Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_certificate str: Action based on received client certificate. Valid values: bypass, inspect, block.
expired_server_cert str: Action based on server certificate is expired. Valid values: allow, block, ignore.
min_allowed_ssl_version str: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
proxy_after_tcp_handshake str: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic str: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revoked_server_cert str: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
status str: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupported_ssl_cipher str: Action based on the SSL cipher used being unsupported. Valid values: block, allow.
unsupported_ssl_negotiation str: Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
unsupported_ssl_version str: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_server_cert str: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
minAllowedSslVersion String: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
proxyAfterTcpHandshake String: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic String: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
status String: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: block, allow.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: block, allow.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofileEchOuterSni, ObjectFirewallSslsshprofileEchOuterSniArgs

Name string: ClientHelloOuter SNI name.
Sni string: ClientHelloOuter SNI to be blocked.

Name string: ClientHelloOuter SNI name.
Sni string: ClientHelloOuter SNI to be blocked.

name String: ClientHelloOuter SNI name.
sni String: ClientHelloOuter SNI to be blocked.

name string: ClientHelloOuter SNI name.
sni string: ClientHelloOuter SNI to be blocked.

name str: ClientHelloOuter SNI name.
sni str: ClientHelloOuter SNI to be blocked.

name String: ClientHelloOuter SNI name.
sni String: ClientHelloOuter SNI to be blocked.

ObjectFirewallSslsshprofileFtps, ObjectFirewallSslsshprofileFtpsArgs

AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports List<double>: Ports to use for scanning (1 - 65535, default = 443).
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports []float64: Ports to use for scanning (1 - 65535, default = 443).
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Double>: Ports to use for scanning (1 - 65535, default = 443).
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports number[]: Ports to use for scanning (1 - 65535, default = 443).
revokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allow_invalid_server_cert str: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_validation_failure str: Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str: Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str: Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str: Action based on received client certificate. Valid values: bypass, inspect, block.
expired_server_cert str: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalid_server_cert str: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports Sequence[float]: Ports to use for scanning (1 - 65535, default = 443).
revoked_server_cert str: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status str: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupported_ssl str: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Number>: Ports to use for scanning (1 - 65535, default = 443).
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofileHttps, ObjectFirewallSslsshprofileHttpsArgs

AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports List<double>: Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
Quic string: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string: Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports []float64: Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
Quic string: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string: Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Double>: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic String: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String: Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports number[]: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic string: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status string: Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
unsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allow_invalid_server_cert str: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_probe_failure str: Action based on certificate probe failure. Valid values: block, allow.
cert_validation_failure str: Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str: Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str: Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str: Action based on received client certificate. Valid values: bypass, inspect, block.
encrypted_client_hello str: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expired_server_cert str: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalid_server_cert str: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports Sequence[float]: Ports to use for scanning (1 - 65535, default = 443).
proxy_after_tcp_handshake str: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic str: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revoked_server_cert str: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status str: Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
unsupported_ssl str: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Number>: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
quic String: Enable/disable QUIC inspection (default = disable). Valid values: disable, enable.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String: Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofileImaps, ObjectFirewallSslsshprofileImapsArgs

AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports List<double>: Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports []float64: Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Double>: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports number[]: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allow_invalid_server_cert str: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_validation_failure str: Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str: Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str: Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str: Action based on received client certificate. Valid values: bypass, inspect, block.
expired_server_cert str: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalid_server_cert str: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports Sequence[float]: Ports to use for scanning (1 - 65535, default = 443).
proxy_after_tcp_handshake str: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revoked_server_cert str: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status str: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupported_ssl str: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Number>: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofilePop3s, ObjectFirewallSslsshprofilePop3sArgs

AllowInvalidServerCert string
CertValidationFailure string
CertValidationTimeout string
ClientCertRequest string
ClientCertificate string
ExpiredServerCert string
InvalidServerCert string
MinAllowedSslVersion string
Ports List<double>
ProxyAfterTcpHandshake string
RevokedServerCert string
SniServerCertCheck string
Status string
UnsupportedSsl string
UnsupportedSslCipher string
UnsupportedSslNegotiation string
UnsupportedSslVersion string
UntrustedCert string
UntrustedServerCert string

AllowInvalidServerCert string
CertValidationFailure string
CertValidationTimeout string
ClientCertRequest string
ClientCertificate string
ExpiredServerCert string
InvalidServerCert string
MinAllowedSslVersion string
Ports []float64
ProxyAfterTcpHandshake string
RevokedServerCert string
SniServerCertCheck string
Status string
UnsupportedSsl string
UnsupportedSslCipher string
UnsupportedSslNegotiation string
UnsupportedSslVersion string
UntrustedCert string
UntrustedServerCert string

allowInvalidServerCert String
certValidationFailure String
certValidationTimeout String
clientCertRequest String
clientCertificate String
expiredServerCert String
invalidServerCert String
minAllowedSslVersion String
ports List<Double>
proxyAfterTcpHandshake String
revokedServerCert String
sniServerCertCheck String
status String
unsupportedSsl String
unsupportedSslCipher String
unsupportedSslNegotiation String
unsupportedSslVersion String
untrustedCert String
untrustedServerCert String

allowInvalidServerCert string
certValidationFailure string
certValidationTimeout string
clientCertRequest string
clientCertificate string
expiredServerCert string
invalidServerCert string
minAllowedSslVersion string
ports number[]
proxyAfterTcpHandshake string
revokedServerCert string
sniServerCertCheck string
status string
unsupportedSsl string
unsupportedSslCipher string
unsupportedSslNegotiation string
unsupportedSslVersion string
untrustedCert string
untrustedServerCert string

allow_invalid_server_cert str
cert_validation_failure str
cert_validation_timeout str
client_cert_request str
client_certificate str
expired_server_cert str
invalid_server_cert str
min_allowed_ssl_version str
ports Sequence[float]
proxy_after_tcp_handshake str
revoked_server_cert str
sni_server_cert_check str
status str
unsupported_ssl str
unsupported_ssl_cipher str
unsupported_ssl_negotiation str
unsupported_ssl_version str
untrusted_cert str
untrusted_server_cert str

allowInvalidServerCert String
certValidationFailure String
certValidationTimeout String
clientCertRequest String
clientCertificate String
expiredServerCert String
invalidServerCert String
minAllowedSslVersion String
ports List<Number>
proxyAfterTcpHandshake String
revokedServerCert String
sniServerCertCheck String
status String
unsupportedSsl String
unsupportedSslCipher String
unsupportedSslNegotiation String
unsupportedSslVersion String
untrustedCert String
untrustedServerCert String

ObjectFirewallSslsshprofileSmtps, ObjectFirewallSslsshprofileSmtpsArgs

AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports List<double>: Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Ports []float64: Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
Status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Double>: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports number[]: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allow_invalid_server_cert str: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_validation_failure str: Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str: Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str: Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str: Action based on received client certificate. Valid values: bypass, inspect, block.
expired_server_cert str: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalid_server_cert str: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports Sequence[float]: Ports to use for scanning (1 - 65535, default = 443).
proxy_after_tcp_handshake str: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revoked_server_cert str: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status str: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupported_ssl str: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Min-Allowed-Ssl-Version. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ports List<Number>: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
status String: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofileSsh, ObjectFirewallSslsshprofileSshArgs

InspectAll string: Level of SSL inspection. Valid values: disable, deep-inspection.
Ports List<double>: Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
SshAlgorithm string: Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
SshPolicyCheck string: Enable/disable SSH policy check. Valid values: disable, enable.
SshTunPolicyCheck string: Enable/disable SSH tunnel policy check. Valid values: disable, enable.
Status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedVersion string: Action based on SSH version being unsupported. Valid values: block, bypass.

InspectAll string: Level of SSL inspection. Valid values: disable, deep-inspection.
Ports []float64: Ports to use for scanning (1 - 65535, default = 443).
ProxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
SshAlgorithm string: Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
SshPolicyCheck string: Enable/disable SSH policy check. Valid values: disable, enable.
SshTunPolicyCheck string: Enable/disable SSH tunnel policy check. Valid values: disable, enable.
Status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
UnsupportedVersion string: Action based on SSH version being unsupported. Valid values: block, bypass.

inspectAll String: Level of SSL inspection. Valid values: disable, deep-inspection.
ports List<Double>: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
sshAlgorithm String: Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
sshPolicyCheck String: Enable/disable SSH policy check. Valid values: disable, enable.
sshTunPolicyCheck String: Enable/disable SSH tunnel policy check. Valid values: disable, enable.
status String: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedVersion String: Action based on SSH version being unsupported. Valid values: block, bypass.

inspectAll string: Level of SSL inspection. Valid values: disable, deep-inspection.
ports number[]: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake string: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
sshAlgorithm string: Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
sshPolicyCheck string: Enable/disable SSH policy check. Valid values: disable, enable.
sshTunPolicyCheck string: Enable/disable SSH tunnel policy check. Valid values: disable, enable.
status string: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedVersion string: Action based on SSH version being unsupported. Valid values: block, bypass.

inspect_all str: Level of SSL inspection. Valid values: disable, deep-inspection.
ports Sequence[float]: Ports to use for scanning (1 - 65535, default = 443).
proxy_after_tcp_handshake str: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
ssh_algorithm str: Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
ssh_policy_check str: Enable/disable SSH policy check. Valid values: disable, enable.
ssh_tun_policy_check str: Enable/disable SSH tunnel policy check. Valid values: disable, enable.
status str: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupported_version str: Action based on SSH version being unsupported. Valid values: block, bypass.

inspectAll String: Level of SSL inspection. Valid values: disable, deep-inspection.
ports List<Number>: Ports to use for scanning (1 - 65535, default = 443).
proxyAfterTcpHandshake String: Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: disable, enable.
sshAlgorithm String: Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
sshPolicyCheck String: Enable/disable SSH policy check. Valid values: disable, enable.
sshTunPolicyCheck String: Enable/disable SSH tunnel policy check. Valid values: disable, enable.
status String: Configure protocol inspection status. Valid values: disable, deep-inspection.
unsupportedVersion String: Action based on SSH version being unsupported. Valid values: block, bypass.

ObjectFirewallSslsshprofileSsl, ObjectFirewallSslsshprofileSslArgs

AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InspectAll string: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InspectAll string: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll String: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll string: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
revokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allow_invalid_server_cert str: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_probe_failure str: Action based on certificate probe failure. Valid values: block, allow.
cert_validation_failure str: Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str: Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str: Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str: Action based on received client certificate. Valid values: bypass, inspect, block.
encrypted_client_hello str: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expired_server_cert str: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspect_all str: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalid_server_cert str: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
revoked_server_cert str: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sni_server_cert_check str: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupported_ssl str: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll String: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

ObjectFirewallSslsshprofileSslExempt, ObjectFirewallSslsshprofileSslExemptArgs

Address string: IPv4 address object.
Address6 string: IPv6 address object.
FortiguardCategories List<string>: FortiGuard category ID.
Id double: ID number.
Regex string: Exempt servers by regular expression.
Type string: Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
WildcardFqdns List<string>: Exempt servers by wildcard FQDN.

Address string: IPv4 address object.
Address6 string: IPv6 address object.
FortiguardCategories []string: FortiGuard category ID.
Id float64: ID number.
Regex string: Exempt servers by regular expression.
Type string: Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
WildcardFqdns []string: Exempt servers by wildcard FQDN.

address String: IPv4 address object.
address6 String: IPv6 address object.
fortiguardCategories List<String>: FortiGuard category ID.
id Double: ID number.
regex String: Exempt servers by regular expression.
type String: Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
wildcardFqdns List<String>: Exempt servers by wildcard FQDN.

address string: IPv4 address object.
address6 string: IPv6 address object.
fortiguardCategories string[]: FortiGuard category ID.
id number: ID number.
regex string: Exempt servers by regular expression.
type string: Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
wildcardFqdns string[]: Exempt servers by wildcard FQDN.

address str: IPv4 address object.
address6 str: IPv6 address object.
fortiguard_categories Sequence[str]: FortiGuard category ID.
id float: ID number.
regex str: Exempt servers by regular expression.
type str: Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
wildcard_fqdns Sequence[str]: Exempt servers by wildcard FQDN.

address String: IPv4 address object.
address6 String: IPv6 address object.
fortiguardCategories List<String>: FortiGuard category ID.
id Number: ID number.
regex String: Exempt servers by regular expression.
type String: Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
wildcardFqdns List<String>: Exempt servers by wildcard FQDN.

ObjectFirewallSslsshprofileSslServer, ObjectFirewallSslsshprofileSslServerArgs

FtpsClientCertRequest string: Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
FtpsClientCertificate string: Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
HttpsClientCertRequest string: Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
HttpsClientCertificate string: Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
Id double: SSL server ID.
ImapsClientCertRequest string: Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
ImapsClientCertificate string: Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
Ip string: IPv4 address of the SSL server.
Pop3sClientCertRequest string: Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
Pop3sClientCertificate string: Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
SmtpsClientCertRequest string: Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
SmtpsClientCertificate string: Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
SslOtherClientCertRequest string: Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
SslOtherClientCertificate string: Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.

FtpsClientCertRequest string: Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
FtpsClientCertificate string: Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
HttpsClientCertRequest string: Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
HttpsClientCertificate string: Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
Id float64: SSL server ID.
ImapsClientCertRequest string: Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
ImapsClientCertificate string: Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
Ip string: IPv4 address of the SSL server.
Pop3sClientCertRequest string: Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
Pop3sClientCertificate string: Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
SmtpsClientCertRequest string: Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
SmtpsClientCertificate string: Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
SslOtherClientCertRequest string: Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
SslOtherClientCertificate string: Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.

ftpsClientCertRequest String: Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
ftpsClientCertificate String: Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertRequest String: Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertificate String: Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
id Double: SSL server ID.
imapsClientCertRequest String: Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
imapsClientCertificate String: Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
ip String: IPv4 address of the SSL server.
pop3sClientCertRequest String: Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
pop3sClientCertificate String: Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
smtpsClientCertRequest String: Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
smtpsClientCertificate String: Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
sslOtherClientCertRequest String: Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
sslOtherClientCertificate String: Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.

ftpsClientCertRequest string: Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
ftpsClientCertificate string: Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertRequest string: Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertificate string: Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
id number: SSL server ID.
imapsClientCertRequest string: Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
imapsClientCertificate string: Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
ip string: IPv4 address of the SSL server.
pop3sClientCertRequest string: Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
pop3sClientCertificate string: Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
smtpsClientCertRequest string: Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
smtpsClientCertificate string: Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
sslOtherClientCertRequest string: Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
sslOtherClientCertificate string: Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.

ftps_client_cert_request str: Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
ftps_client_certificate str: Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
https_client_cert_request str: Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
https_client_certificate str: Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
id float: SSL server ID.
imaps_client_cert_request str: Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
imaps_client_certificate str: Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
ip str: IPv4 address of the SSL server.
pop3s_client_cert_request str: Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
pop3s_client_certificate str: Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
smtps_client_cert_request str: Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
smtps_client_certificate str: Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
ssl_other_client_cert_request str: Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
ssl_other_client_certificate str: Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.

ftpsClientCertRequest String: Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
ftpsClientCertificate String: Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertRequest String: Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
httpsClientCertificate String: Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
id Number: SSL server ID.
imapsClientCertRequest String: Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
imapsClientCertificate String: Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
ip String: IPv4 address of the SSL server.
pop3sClientCertRequest String: Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
pop3sClientCertificate String: Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
smtpsClientCertRequest String: Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
smtpsClientCertificate String: Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
sslOtherClientCertRequest String: Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
sslOtherClientCertificate String: Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.

Import

ObjectFirewall SslSshProfile can be imported using any of these accepted formats:

$ export “FORTIMANAGER_IMPORT_TABLE”=“true”

$ pulumi import fortimanager:index/objectFirewallSslsshprofile:ObjectFirewallSslsshprofile labelname {{name}}

$ unset “FORTIMANAGER_IMPORT_TABLE”

-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: fortimanager fortinetdev/terraform-provider-fortimanager
License
Notes: This Pulumi package is based on the fortimanager Terraform Provider.

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

fortimanager.ObjectFirewallSslsshprofile

On this page

On this page

Example Usage

Create ObjectFirewallSslsshprofile Resource

Constructor syntax

Parameters

Constructor example

ObjectFirewallSslsshprofile Resource Properties

Inputs

Outputs

Look up Existing ObjectFirewallSslsshprofile Resource

Supporting Types

ObjectFirewallSslsshprofileDot, ObjectFirewallSslsshprofileDotArgs

ObjectFirewallSslsshprofileEchOuterSni, ObjectFirewallSslsshprofileEchOuterSniArgs

ObjectFirewallSslsshprofileFtps, ObjectFirewallSslsshprofileFtpsArgs

ObjectFirewallSslsshprofileHttps, ObjectFirewallSslsshprofileHttpsArgs

ObjectFirewallSslsshprofileImaps, ObjectFirewallSslsshprofileImapsArgs

ObjectFirewallSslsshprofilePop3s, ObjectFirewallSslsshprofilePop3sArgs

ObjectFirewallSslsshprofileSmtps, ObjectFirewallSslsshprofileSmtpsArgs

ObjectFirewallSslsshprofileSsh, ObjectFirewallSslsshprofileSshArgs

ObjectFirewallSslsshprofileSsl, ObjectFirewallSslsshprofileSslArgs

ObjectFirewallSslsshprofileSslExempt, ObjectFirewallSslsshprofileSslExemptArgs

ObjectFirewallSslsshprofileSslServer, ObjectFirewallSslsshprofileSslServerArgs

Import

Package Details

On this page

On this page