fortimanager 1.13.0, Mar 13 25

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

fortimanager.ObjectFirewallSslsshprofileSsl

Explore with Pulumi AI

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";

const trnameObjectFirewallSslsshprofile = new fortimanager.ObjectFirewallSslsshprofile("trnameObjectFirewallSslsshprofile", {});
const trnameObjectFirewallSslsshprofileSsl = new fortimanager.ObjectFirewallSslsshprofileSsl("trnameObjectFirewallSslsshprofileSsl", {
    sslSshProfile: trnameObjectFirewallSslsshprofile.name,
    certProbeFailure: "block",
    certValidationFailure: "ignore",
    certValidationTimeout: "block",
}, {
    dependsOn: [trnameObjectFirewallSslsshprofile],
});

import pulumi
import pulumi_fortimanager as fortimanager

trname_object_firewall_sslsshprofile = fortimanager.ObjectFirewallSslsshprofile("trnameObjectFirewallSslsshprofile")
trname_object_firewall_sslsshprofile_ssl = fortimanager.ObjectFirewallSslsshprofileSsl("trnameObjectFirewallSslsshprofileSsl",
    ssl_ssh_profile=trname_object_firewall_sslsshprofile.name,
    cert_probe_failure="block",
    cert_validation_failure="ignore",
    cert_validation_timeout="block",
    opts = pulumi.ResourceOptions(depends_on=[trname_object_firewall_sslsshprofile]))

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		trnameObjectFirewallSslsshprofile, err := fortimanager.NewObjectFirewallSslsshprofile(ctx, "trnameObjectFirewallSslsshprofile", nil)
		if err != nil {
			return err
		}
		_, err = fortimanager.NewObjectFirewallSslsshprofileSsl(ctx, "trnameObjectFirewallSslsshprofileSsl", &fortimanager.ObjectFirewallSslsshprofileSslArgs{
			SslSshProfile:         trnameObjectFirewallSslsshprofile.Name,
			CertProbeFailure:      pulumi.String("block"),
			CertValidationFailure: pulumi.String("ignore"),
			CertValidationTimeout: pulumi.String("block"),
		}, pulumi.DependsOn([]pulumi.Resource{
			trnameObjectFirewallSslsshprofile,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;

return await Deployment.RunAsync(() => 
{
    var trnameObjectFirewallSslsshprofile = new Fortimanager.ObjectFirewallSslsshprofile("trnameObjectFirewallSslsshprofile");

    var trnameObjectFirewallSslsshprofileSsl = new Fortimanager.ObjectFirewallSslsshprofileSsl("trnameObjectFirewallSslsshprofileSsl", new()
    {
        SslSshProfile = trnameObjectFirewallSslsshprofile.Name,
        CertProbeFailure = "block",
        CertValidationFailure = "ignore",
        CertValidationTimeout = "block",
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            trnameObjectFirewallSslsshprofile,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectFirewallSslsshprofile;
import com.pulumi.fortimanager.ObjectFirewallSslsshprofileSsl;
import com.pulumi.fortimanager.ObjectFirewallSslsshprofileSslArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trnameObjectFirewallSslsshprofile = new ObjectFirewallSslsshprofile("trnameObjectFirewallSslsshprofile");

        var trnameObjectFirewallSslsshprofileSsl = new ObjectFirewallSslsshprofileSsl("trnameObjectFirewallSslsshprofileSsl", ObjectFirewallSslsshprofileSslArgs.builder()
            .sslSshProfile(trnameObjectFirewallSslsshprofile.name())
            .certProbeFailure("block")
            .certValidationFailure("ignore")
            .certValidationTimeout("block")
            .build(), CustomResourceOptions.builder()
                .dependsOn(trnameObjectFirewallSslsshprofile)
                .build());

    }
}

resources:
  trnameObjectFirewallSslsshprofileSsl:
    type: fortimanager:ObjectFirewallSslsshprofileSsl
    properties:
      sslSshProfile: ${trnameObjectFirewallSslsshprofile.name}
      certProbeFailure: block
      certValidationFailure: ignore
      certValidationTimeout: block
    options:
      dependsOn:
        - ${trnameObjectFirewallSslsshprofile}
  trnameObjectFirewallSslsshprofile:
    type: fortimanager:ObjectFirewallSslsshprofile

Create ObjectFirewallSslsshprofileSsl Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ObjectFirewallSslsshprofileSsl(name: string, args: ObjectFirewallSslsshprofileSslArgs, opts?: CustomResourceOptions);

@overload
def ObjectFirewallSslsshprofileSsl(resource_name: str,
                                   args: ObjectFirewallSslsshprofileSslInitArgs,
                                   opts: Optional[ResourceOptions] = None)

@overload
def ObjectFirewallSslsshprofileSsl(resource_name: str,
                                   opts: Optional[ResourceOptions] = None,
                                   ssl_ssh_profile: Optional[str] = None,
                                   invalid_server_cert: Optional[str] = None,
                                   cert_validation_failure: Optional[str] = None,
                                   object_firewall_sslsshprofile_ssl_id: Optional[str] = None,
                                   cert_validation_timeout: Optional[str] = None,
                                   client_cert_request: Optional[str] = None,
                                   client_certificate: Optional[str] = None,
                                   encrypted_client_hello: Optional[str] = None,
                                   expired_server_cert: Optional[str] = None,
                                   revoked_server_cert: Optional[str] = None,
                                   adom: Optional[str] = None,
                                   untrusted_server_cert: Optional[str] = None,
                                   cert_probe_failure: Optional[str] = None,
                                   inspect_all: Optional[str] = None,
                                   scopetype: Optional[str] = None,
                                   sni_server_cert_check: Optional[str] = None,
                                   allow_invalid_server_cert: Optional[str] = None,
                                   unsupported_ssl: Optional[str] = None,
                                   unsupported_ssl_cipher: Optional[str] = None,
                                   unsupported_ssl_negotiation: Optional[str] = None,
                                   unsupported_ssl_version: Optional[str] = None,
                                   untrusted_cert: Optional[str] = None,
                                   min_allowed_ssl_version: Optional[str] = None)

func NewObjectFirewallSslsshprofileSsl(ctx *Context, name string, args ObjectFirewallSslsshprofileSslArgs, opts ...ResourceOption) (*ObjectFirewallSslsshprofileSsl, error)

public ObjectFirewallSslsshprofileSsl(string name, ObjectFirewallSslsshprofileSslArgs args, CustomResourceOptions? opts = null)

public ObjectFirewallSslsshprofileSsl(String name, ObjectFirewallSslsshprofileSslArgs args)
public ObjectFirewallSslsshprofileSsl(String name, ObjectFirewallSslsshprofileSslArgs args, CustomResourceOptions options)

type: fortimanager:ObjectFirewallSslsshprofileSsl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ObjectFirewallSslsshprofileSslArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ObjectFirewallSslsshprofileSslInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ObjectFirewallSslsshprofileSslArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ObjectFirewallSslsshprofileSslArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ObjectFirewallSslsshprofileSslArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var objectFirewallSslsshprofileSslResource = new Fortimanager.ObjectFirewallSslsshprofileSsl("objectFirewallSslsshprofileSslResource", new()
{
    SslSshProfile = "string",
    InvalidServerCert = "string",
    CertValidationFailure = "string",
    ObjectFirewallSslsshprofileSslId = "string",
    CertValidationTimeout = "string",
    ClientCertRequest = "string",
    ClientCertificate = "string",
    EncryptedClientHello = "string",
    ExpiredServerCert = "string",
    RevokedServerCert = "string",
    Adom = "string",
    UntrustedServerCert = "string",
    CertProbeFailure = "string",
    InspectAll = "string",
    Scopetype = "string",
    SniServerCertCheck = "string",
    AllowInvalidServerCert = "string",
    UnsupportedSsl = "string",
    UnsupportedSslCipher = "string",
    UnsupportedSslNegotiation = "string",
    UnsupportedSslVersion = "string",
    UntrustedCert = "string",
    MinAllowedSslVersion = "string",
});

example, err := fortimanager.NewObjectFirewallSslsshprofileSsl(ctx, "objectFirewallSslsshprofileSslResource", &fortimanager.ObjectFirewallSslsshprofileSslArgs{
SslSshProfile: pulumi.String("string"),
InvalidServerCert: pulumi.String("string"),
CertValidationFailure: pulumi.String("string"),
ObjectFirewallSslsshprofileSslId: pulumi.String("string"),
CertValidationTimeout: pulumi.String("string"),
ClientCertRequest: pulumi.String("string"),
ClientCertificate: pulumi.String("string"),
EncryptedClientHello: pulumi.String("string"),
ExpiredServerCert: pulumi.String("string"),
RevokedServerCert: pulumi.String("string"),
Adom: pulumi.String("string"),
UntrustedServerCert: pulumi.String("string"),
CertProbeFailure: pulumi.String("string"),
InspectAll: pulumi.String("string"),
Scopetype: pulumi.String("string"),
SniServerCertCheck: pulumi.String("string"),
AllowInvalidServerCert: pulumi.String("string"),
UnsupportedSsl: pulumi.String("string"),
UnsupportedSslCipher: pulumi.String("string"),
UnsupportedSslNegotiation: pulumi.String("string"),
UnsupportedSslVersion: pulumi.String("string"),
UntrustedCert: pulumi.String("string"),
MinAllowedSslVersion: pulumi.String("string"),
})

var objectFirewallSslsshprofileSslResource = new ObjectFirewallSslsshprofileSsl("objectFirewallSslsshprofileSslResource", ObjectFirewallSslsshprofileSslArgs.builder()
    .sslSshProfile("string")
    .invalidServerCert("string")
    .certValidationFailure("string")
    .objectFirewallSslsshprofileSslId("string")
    .certValidationTimeout("string")
    .clientCertRequest("string")
    .clientCertificate("string")
    .encryptedClientHello("string")
    .expiredServerCert("string")
    .revokedServerCert("string")
    .adom("string")
    .untrustedServerCert("string")
    .certProbeFailure("string")
    .inspectAll("string")
    .scopetype("string")
    .sniServerCertCheck("string")
    .allowInvalidServerCert("string")
    .unsupportedSsl("string")
    .unsupportedSslCipher("string")
    .unsupportedSslNegotiation("string")
    .unsupportedSslVersion("string")
    .untrustedCert("string")
    .minAllowedSslVersion("string")
    .build());

object_firewall_sslsshprofile_ssl_resource = fortimanager.ObjectFirewallSslsshprofileSsl("objectFirewallSslsshprofileSslResource",
    ssl_ssh_profile="string",
    invalid_server_cert="string",
    cert_validation_failure="string",
    object_firewall_sslsshprofile_ssl_id="string",
    cert_validation_timeout="string",
    client_cert_request="string",
    client_certificate="string",
    encrypted_client_hello="string",
    expired_server_cert="string",
    revoked_server_cert="string",
    adom="string",
    untrusted_server_cert="string",
    cert_probe_failure="string",
    inspect_all="string",
    scopetype="string",
    sni_server_cert_check="string",
    allow_invalid_server_cert="string",
    unsupported_ssl="string",
    unsupported_ssl_cipher="string",
    unsupported_ssl_negotiation="string",
    unsupported_ssl_version="string",
    untrusted_cert="string",
    min_allowed_ssl_version="string")

const objectFirewallSslsshprofileSslResource = new fortimanager.ObjectFirewallSslsshprofileSsl("objectFirewallSslsshprofileSslResource", {
    sslSshProfile: "string",
    invalidServerCert: "string",
    certValidationFailure: "string",
    objectFirewallSslsshprofileSslId: "string",
    certValidationTimeout: "string",
    clientCertRequest: "string",
    clientCertificate: "string",
    encryptedClientHello: "string",
    expiredServerCert: "string",
    revokedServerCert: "string",
    adom: "string",
    untrustedServerCert: "string",
    certProbeFailure: "string",
    inspectAll: "string",
    scopetype: "string",
    sniServerCertCheck: "string",
    allowInvalidServerCert: "string",
    unsupportedSsl: "string",
    unsupportedSslCipher: "string",
    unsupportedSslNegotiation: "string",
    unsupportedSslVersion: "string",
    untrustedCert: "string",
    minAllowedSslVersion: "string",
});

type: fortimanager:ObjectFirewallSslsshprofileSsl
properties:
    adom: string
    allowInvalidServerCert: string
    certProbeFailure: string
    certValidationFailure: string
    certValidationTimeout: string
    clientCertRequest: string
    clientCertificate: string
    encryptedClientHello: string
    expiredServerCert: string
    inspectAll: string
    invalidServerCert: string
    minAllowedSslVersion: string
    objectFirewallSslsshprofileSslId: string
    revokedServerCert: string
    scopetype: string
    sniServerCertCheck: string
    sslSshProfile: string
    unsupportedSsl: string
    unsupportedSslCipher: string
    unsupportedSslNegotiation: string
    unsupportedSslVersion: string
    untrustedCert: string
    untrustedServerCert: string

ObjectFirewallSslsshprofileSsl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ObjectFirewallSslsshprofileSsl resource accepts the following input properties:

SslSshProfile string: Ssl Ssh Profile.
Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InspectAll string: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ObjectFirewallSslsshprofileSslId string: an identifier for the resource.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

SslSshProfile string: Ssl Ssh Profile.
Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InspectAll string: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ObjectFirewallSslsshprofileSslId string: an identifier for the resource.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

sslSshProfile String: Ssl Ssh Profile.
adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll String: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
objectFirewallSslsshprofileSslId String: an identifier for the resource.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

sslSshProfile string: Ssl Ssh Profile.
adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll string: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
objectFirewallSslsshprofileSslId string: an identifier for the resource.
revokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
sniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

ssl_ssh_profile str: Ssl Ssh Profile.
adom str: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allow_invalid_server_cert str: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_probe_failure str: Action based on certificate probe failure. Valid values: block, allow.
cert_validation_failure str: Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str: Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str: Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str: Action based on received client certificate. Valid values: bypass, inspect, block.
encrypted_client_hello str: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expired_server_cert str: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspect_all str: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalid_server_cert str: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
object_firewall_sslsshprofile_ssl_id str: an identifier for the resource.
revoked_server_cert str: Action based on server certificate is revoked. Valid values: allow, block, ignore.
scopetype str: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
sni_server_cert_check str: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupported_ssl str: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

sslSshProfile String: Ssl Ssh Profile.
adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll String: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
objectFirewallSslsshprofileSslId String: an identifier for the resource.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

Outputs

All input properties are implicitly available as output properties. Additionally, the ObjectFirewallSslsshprofileSsl resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing ObjectFirewallSslsshprofileSsl Resource

Get an existing ObjectFirewallSslsshprofileSsl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ObjectFirewallSslsshprofileSslState, opts?: CustomResourceOptions): ObjectFirewallSslsshprofileSsl

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        adom: Optional[str] = None,
        allow_invalid_server_cert: Optional[str] = None,
        cert_probe_failure: Optional[str] = None,
        cert_validation_failure: Optional[str] = None,
        cert_validation_timeout: Optional[str] = None,
        client_cert_request: Optional[str] = None,
        client_certificate: Optional[str] = None,
        encrypted_client_hello: Optional[str] = None,
        expired_server_cert: Optional[str] = None,
        inspect_all: Optional[str] = None,
        invalid_server_cert: Optional[str] = None,
        min_allowed_ssl_version: Optional[str] = None,
        object_firewall_sslsshprofile_ssl_id: Optional[str] = None,
        revoked_server_cert: Optional[str] = None,
        scopetype: Optional[str] = None,
        sni_server_cert_check: Optional[str] = None,
        ssl_ssh_profile: Optional[str] = None,
        unsupported_ssl: Optional[str] = None,
        unsupported_ssl_cipher: Optional[str] = None,
        unsupported_ssl_negotiation: Optional[str] = None,
        unsupported_ssl_version: Optional[str] = None,
        untrusted_cert: Optional[str] = None,
        untrusted_server_cert: Optional[str] = None) -> ObjectFirewallSslsshprofileSsl

func GetObjectFirewallSslsshprofileSsl(ctx *Context, name string, id IDInput, state *ObjectFirewallSslsshprofileSslState, opts ...ResourceOption) (*ObjectFirewallSslsshprofileSsl, error)

public static ObjectFirewallSslsshprofileSsl Get(string name, Input<string> id, ObjectFirewallSslsshprofileSslState? state, CustomResourceOptions? opts = null)

public static ObjectFirewallSslsshprofileSsl get(String name, Output<String> id, ObjectFirewallSslsshprofileSslState state, CustomResourceOptions options)

resources:  _:    type: fortimanager:ObjectFirewallSslsshprofileSsl    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InspectAll string: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ObjectFirewallSslsshprofileSslId string: an identifier for the resource.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
SslSshProfile string: Ssl Ssh Profile.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

Adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
AllowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
CertProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
CertValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
CertValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
ClientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
ClientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
EncryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
ExpiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
InspectAll string: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
InvalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
MinAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ObjectFirewallSslsshprofileSslId string: an identifier for the resource.
RevokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
Scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
SslSshProfile string: Ssl Ssh Profile.
UnsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
UnsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
UnsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
UnsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
UntrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
UntrustedServerCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll String: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
objectFirewallSslsshprofileSslId String: an identifier for the resource.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
sslSshProfile String: Ssl Ssh Profile.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

adom string: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowInvalidServerCert string: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure string: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure string: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout string: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest string: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate string: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello string: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert string: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll string: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert string: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion string: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
objectFirewallSslsshprofileSslId string: an identifier for the resource.
revokedServerCert string: Action based on server certificate is revoked. Valid values: allow, block, ignore.
scopetype string: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
sniServerCertCheck string: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
sslSshProfile string: Ssl Ssh Profile.
unsupportedSsl string: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher string: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation string: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion string: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert string: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

adom str: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allow_invalid_server_cert str: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
cert_probe_failure str: Action based on certificate probe failure. Valid values: block, allow.
cert_validation_failure str: Action based on certificate validation failure. Valid values: allow, block, ignore.
cert_validation_timeout str: Action based on certificate validation timeout. Valid values: allow, block, ignore.
client_cert_request str: Action based on client certificate request. Valid values: bypass, inspect, block.
client_certificate str: Action based on received client certificate. Valid values: bypass, inspect, block.
encrypted_client_hello str: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expired_server_cert str: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspect_all str: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalid_server_cert str: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
min_allowed_ssl_version str: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
object_firewall_sslsshprofile_ssl_id str: an identifier for the resource.
revoked_server_cert str: Action based on server certificate is revoked. Valid values: allow, block, ignore.
scopetype str: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
sni_server_cert_check str: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
ssl_ssh_profile str: Ssl Ssh Profile.
unsupported_ssl str: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupported_ssl_cipher str: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupported_ssl_negotiation str: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupported_ssl_version str: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrusted_cert str: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrusted_server_cert str: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

adom String: Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
allowInvalidServerCert String: When enabled, allows SSL sessions whose server certificate validation failed. Valid values: disable, enable.
certProbeFailure String: Action based on certificate probe failure. Valid values: block, allow.
certValidationFailure String: Action based on certificate validation failure. Valid values: allow, block, ignore.
certValidationTimeout String: Action based on certificate validation timeout. Valid values: allow, block, ignore.
clientCertRequest String: Action based on client certificate request. Valid values: bypass, inspect, block.
clientCertificate String: Action based on received client certificate. Valid values: bypass, inspect, block.
encryptedClientHello String: Block/allow session based on existence of encrypted-client-hello. Valid values: block, allow.
expiredServerCert String: Action based on server certificate is expired. Valid values: allow, block, ignore.
inspectAll String: Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
invalidServerCert String: Allow or block the invalid SSL session server certificate. Valid values: allow, block.
minAllowedSslVersion String: Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
objectFirewallSslsshprofileSslId String: an identifier for the resource.
revokedServerCert String: Action based on server certificate is revoked. Valid values: allow, block, ignore.
scopetype String: The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
sniServerCertCheck String: Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: disable, enable, strict.
sslSshProfile String: Ssl Ssh Profile.
unsupportedSsl String: Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
unsupportedSslCipher String: Action based on the SSL cipher used being unsupported. Valid values: allow, block.
unsupportedSslNegotiation String: Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
unsupportedSslVersion String: Action based on the SSL version used being unsupported. Valid values: block, allow, inspect.
untrustedCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
untrustedServerCert String: Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

Import

ObjectFirewall SslSshProfileSsl can be imported using any of these accepted formats:

Set import_options = [“ssl_ssh_profile=YOUR_VALUE”] in the provider section.

$ export “FORTIMANAGER_IMPORT_TABLE”=“true”

$ pulumi import fortimanager:index/objectFirewallSslsshprofileSsl:ObjectFirewallSslsshprofileSsl labelname ObjectFirewallSslSshProfileSsl

$ unset “FORTIMANAGER_IMPORT_TABLE”

-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: fortimanager fortinetdev/terraform-provider-fortimanager
License
Notes: This Pulumi package is based on the fortimanager Terraform Provider.

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

fortimanager.ObjectFirewallSslsshprofileSsl

On this page

On this page

Example Usage

Create ObjectFirewallSslsshprofileSsl Resource

Constructor syntax

Parameters

Constructor example

ObjectFirewallSslsshprofileSsl Resource Properties

Inputs

Outputs

Look up Existing ObjectFirewallSslsshprofileSsl Resource

Import

Package Details

On this page

On this page