1. Packages
  2. Fortios
  3. API Docs
  4. firewall
  5. Sslsshprofile
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.firewall.Sslsshprofile

Explore with Pulumi AI

fortios logo
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

    Configure SSL/SSH protocol options.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    const t1 = new fortios.firewall.Sslsshprofile("t1", {
        ftps: {
            ports: "990",
        },
        https: {
            ports: "443 127 422 392",
        },
        imaps: {
            ports: "993 1123",
        },
        pop3s: {
            ports: "995",
        },
        smtps: {
            ports: "465",
        },
        ssl: {
            inspectAll: "disable",
        },
    });
    const t2 = new fortios.firewall.Sslsshprofile("t2", {
        https: {
            ports: "443",
        },
        ssl: {
            inspectAll: "deep-inspection",
        },
    });
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    t1 = fortios.firewall.Sslsshprofile("t1",
        ftps=fortios.firewall.SslsshprofileFtpsArgs(
            ports="990",
        ),
        https=fortios.firewall.SslsshprofileHttpsArgs(
            ports="443 127 422 392",
        ),
        imaps=fortios.firewall.SslsshprofileImapsArgs(
            ports="993 1123",
        ),
        pop3s=fortios.firewall.SslsshprofilePop3sArgs(
            ports="995",
        ),
        smtps=fortios.firewall.SslsshprofileSmtpsArgs(
            ports="465",
        ),
        ssl=fortios.firewall.SslsshprofileSslArgs(
            inspect_all="disable",
        ))
    t2 = fortios.firewall.Sslsshprofile("t2",
        https=fortios.firewall.SslsshprofileHttpsArgs(
            ports="443",
        ),
        ssl=fortios.firewall.SslsshprofileSslArgs(
            inspect_all="deep-inspection",
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := firewall.NewSslsshprofile(ctx, "t1", &firewall.SslsshprofileArgs{
    			Ftps: &firewall.SslsshprofileFtpsArgs{
    				Ports: pulumi.String("990"),
    			},
    			Https: &firewall.SslsshprofileHttpsArgs{
    				Ports: pulumi.String("443 127 422 392"),
    			},
    			Imaps: &firewall.SslsshprofileImapsArgs{
    				Ports: pulumi.String("993 1123"),
    			},
    			Pop3s: &firewall.SslsshprofilePop3sArgs{
    				Ports: pulumi.String("995"),
    			},
    			Smtps: &firewall.SslsshprofileSmtpsArgs{
    				Ports: pulumi.String("465"),
    			},
    			Ssl: &firewall.SslsshprofileSslArgs{
    				InspectAll: pulumi.String("disable"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = firewall.NewSslsshprofile(ctx, "t2", &firewall.SslsshprofileArgs{
    			Https: &firewall.SslsshprofileHttpsArgs{
    				Ports: pulumi.String("443"),
    			},
    			Ssl: &firewall.SslsshprofileSslArgs{
    				InspectAll: pulumi.String("deep-inspection"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var t1 = new Fortios.Firewall.Sslsshprofile("t1", new()
        {
            Ftps = new Fortios.Firewall.Inputs.SslsshprofileFtpsArgs
            {
                Ports = "990",
            },
            Https = new Fortios.Firewall.Inputs.SslsshprofileHttpsArgs
            {
                Ports = "443 127 422 392",
            },
            Imaps = new Fortios.Firewall.Inputs.SslsshprofileImapsArgs
            {
                Ports = "993 1123",
            },
            Pop3s = new Fortios.Firewall.Inputs.SslsshprofilePop3sArgs
            {
                Ports = "995",
            },
            Smtps = new Fortios.Firewall.Inputs.SslsshprofileSmtpsArgs
            {
                Ports = "465",
            },
            Ssl = new Fortios.Firewall.Inputs.SslsshprofileSslArgs
            {
                InspectAll = "disable",
            },
        });
    
        var t2 = new Fortios.Firewall.Sslsshprofile("t2", new()
        {
            Https = new Fortios.Firewall.Inputs.SslsshprofileHttpsArgs
            {
                Ports = "443",
            },
            Ssl = new Fortios.Firewall.Inputs.SslsshprofileSslArgs
            {
                InspectAll = "deep-inspection",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.firewall.Sslsshprofile;
    import com.pulumi.fortios.firewall.SslsshprofileArgs;
    import com.pulumi.fortios.firewall.inputs.SslsshprofileFtpsArgs;
    import com.pulumi.fortios.firewall.inputs.SslsshprofileHttpsArgs;
    import com.pulumi.fortios.firewall.inputs.SslsshprofileImapsArgs;
    import com.pulumi.fortios.firewall.inputs.SslsshprofilePop3sArgs;
    import com.pulumi.fortios.firewall.inputs.SslsshprofileSmtpsArgs;
    import com.pulumi.fortios.firewall.inputs.SslsshprofileSslArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var t1 = new Sslsshprofile("t1", SslsshprofileArgs.builder()
                .ftps(SslsshprofileFtpsArgs.builder()
                    .ports(990)
                    .build())
                .https(SslsshprofileHttpsArgs.builder()
                    .ports("443 127 422 392")
                    .build())
                .imaps(SslsshprofileImapsArgs.builder()
                    .ports("993 1123")
                    .build())
                .pop3s(SslsshprofilePop3sArgs.builder()
                    .ports(995)
                    .build())
                .smtps(SslsshprofileSmtpsArgs.builder()
                    .ports(465)
                    .build())
                .ssl(SslsshprofileSslArgs.builder()
                    .inspectAll("disable")
                    .build())
                .build());
    
            var t2 = new Sslsshprofile("t2", SslsshprofileArgs.builder()
                .https(SslsshprofileHttpsArgs.builder()
                    .ports(443)
                    .build())
                .ssl(SslsshprofileSslArgs.builder()
                    .inspectAll("deep-inspection")
                    .build())
                .build());
    
        }
    }
    
    resources:
      t1:
        type: fortios:firewall:Sslsshprofile
        properties:
          ftps:
            ports: 990
          https:
            ports: 443 127 422 392
          imaps:
            ports: 993 1123
          pop3s:
            ports: 995
          smtps:
            ports: 465
          ssl:
            inspectAll: disable
      t2:
        type: fortios:firewall:Sslsshprofile
        properties:
          https:
            ports: 443
          ssl:
            inspectAll: deep-inspection
    

    Create Sslsshprofile Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Sslsshprofile(name: string, args?: SslsshprofileArgs, opts?: CustomResourceOptions);
    @overload
    def Sslsshprofile(resource_name: str,
                      args: Optional[SslsshprofileArgs] = None,
                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def Sslsshprofile(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      allowlist: Optional[str] = None,
                      block_blacklisted_certificates: Optional[str] = None,
                      block_blocklisted_certificates: Optional[str] = None,
                      caname: Optional[str] = None,
                      comment: Optional[str] = None,
                      dot: Optional[SslsshprofileDotArgs] = None,
                      dynamic_sort_subtable: Optional[str] = None,
                      ech_outer_snis: Optional[Sequence[SslsshprofileEchOuterSniArgs]] = None,
                      ftps: Optional[SslsshprofileFtpsArgs] = None,
                      get_all_tables: Optional[str] = None,
                      https: Optional[SslsshprofileHttpsArgs] = None,
                      imaps: Optional[SslsshprofileImapsArgs] = None,
                      mapi_over_https: Optional[str] = None,
                      name: Optional[str] = None,
                      pop3s: Optional[SslsshprofilePop3sArgs] = None,
                      rpc_over_https: Optional[str] = None,
                      server_cert: Optional[str] = None,
                      server_cert_mode: Optional[str] = None,
                      smtps: Optional[SslsshprofileSmtpsArgs] = None,
                      ssh: Optional[SslsshprofileSshArgs] = None,
                      ssl: Optional[SslsshprofileSslArgs] = None,
                      ssl_anomalies_log: Optional[str] = None,
                      ssl_anomaly_log: Optional[str] = None,
                      ssl_exemption_ip_rating: Optional[str] = None,
                      ssl_exemption_log: Optional[str] = None,
                      ssl_exemptions_log: Optional[str] = None,
                      ssl_exempts: Optional[Sequence[SslsshprofileSslExemptArgs]] = None,
                      ssl_handshake_log: Optional[str] = None,
                      ssl_negotiation_log: Optional[str] = None,
                      ssl_server_cert_log: Optional[str] = None,
                      ssl_servers: Optional[Sequence[SslsshprofileSslServerArgs]] = None,
                      supported_alpn: Optional[str] = None,
                      untrusted_caname: Optional[str] = None,
                      use_ssl_server: Optional[str] = None,
                      vdomparam: Optional[str] = None,
                      whitelist: Optional[str] = None)
    func NewSslsshprofile(ctx *Context, name string, args *SslsshprofileArgs, opts ...ResourceOption) (*Sslsshprofile, error)
    public Sslsshprofile(string name, SslsshprofileArgs? args = null, CustomResourceOptions? opts = null)
    public Sslsshprofile(String name, SslsshprofileArgs args)
    public Sslsshprofile(String name, SslsshprofileArgs args, CustomResourceOptions options)
    
    type: fortios:firewall:Sslsshprofile
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SslsshprofileArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SslsshprofileArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SslsshprofileArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SslsshprofileArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SslsshprofileArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var sslsshprofileResource = new Fortios.Firewall.Sslsshprofile("sslsshprofileResource", new()
    {
        Allowlist = "string",
        BlockBlacklistedCertificates = "string",
        BlockBlocklistedCertificates = "string",
        Caname = "string",
        Comment = "string",
        Dot = new Fortios.Firewall.Inputs.SslsshprofileDotArgs
        {
            CertValidationFailure = "string",
            CertValidationTimeout = "string",
            ClientCertificate = "string",
            ExpiredServerCert = "string",
            ProxyAfterTcpHandshake = "string",
            Quic = "string",
            RevokedServerCert = "string",
            SniServerCertCheck = "string",
            Status = "string",
            UnsupportedSslCipher = "string",
            UnsupportedSslNegotiation = "string",
            UnsupportedSslVersion = "string",
            UntrustedServerCert = "string",
        },
        DynamicSortSubtable = "string",
        EchOuterSnis = new[]
        {
            new Fortios.Firewall.Inputs.SslsshprofileEchOuterSniArgs
            {
                Name = "string",
                Sni = "string",
            },
        },
        Ftps = new Fortios.Firewall.Inputs.SslsshprofileFtpsArgs
        {
            CertValidationFailure = "string",
            CertValidationTimeout = "string",
            ClientCertRequest = "string",
            ClientCertificate = "string",
            ExpiredServerCert = "string",
            InvalidServerCert = "string",
            MinAllowedSslVersion = "string",
            Ports = "string",
            RevokedServerCert = "string",
            SniServerCertCheck = "string",
            Status = "string",
            UnsupportedSsl = "string",
            UnsupportedSslCipher = "string",
            UnsupportedSslNegotiation = "string",
            UnsupportedSslVersion = "string",
            UntrustedServerCert = "string",
        },
        GetAllTables = "string",
        Https = new Fortios.Firewall.Inputs.SslsshprofileHttpsArgs
        {
            CertProbeFailure = "string",
            CertValidationFailure = "string",
            CertValidationTimeout = "string",
            ClientCertRequest = "string",
            ClientCertificate = "string",
            EncryptedClientHello = "string",
            ExpiredServerCert = "string",
            InvalidServerCert = "string",
            MinAllowedSslVersion = "string",
            Ports = "string",
            ProxyAfterTcpHandshake = "string",
            Quic = "string",
            RevokedServerCert = "string",
            SniServerCertCheck = "string",
            Status = "string",
            UnsupportedSsl = "string",
            UnsupportedSslCipher = "string",
            UnsupportedSslNegotiation = "string",
            UnsupportedSslVersion = "string",
            UntrustedServerCert = "string",
        },
        Imaps = new Fortios.Firewall.Inputs.SslsshprofileImapsArgs
        {
            CertValidationFailure = "string",
            CertValidationTimeout = "string",
            ClientCertRequest = "string",
            ClientCertificate = "string",
            ExpiredServerCert = "string",
            InvalidServerCert = "string",
            Ports = "string",
            ProxyAfterTcpHandshake = "string",
            RevokedServerCert = "string",
            SniServerCertCheck = "string",
            Status = "string",
            UnsupportedSsl = "string",
            UnsupportedSslCipher = "string",
            UnsupportedSslNegotiation = "string",
            UnsupportedSslVersion = "string",
            UntrustedServerCert = "string",
        },
        MapiOverHttps = "string",
        Name = "string",
        Pop3s = new Fortios.Firewall.Inputs.SslsshprofilePop3sArgs
        {
            CertValidationFailure = "string",
            CertValidationTimeout = "string",
            ClientCertRequest = "string",
            ClientCertificate = "string",
            ExpiredServerCert = "string",
            InvalidServerCert = "string",
            Ports = "string",
            ProxyAfterTcpHandshake = "string",
            RevokedServerCert = "string",
            SniServerCertCheck = "string",
            Status = "string",
            UnsupportedSsl = "string",
            UnsupportedSslCipher = "string",
            UnsupportedSslNegotiation = "string",
            UnsupportedSslVersion = "string",
            UntrustedServerCert = "string",
        },
        RpcOverHttps = "string",
        ServerCert = "string",
        ServerCertMode = "string",
        Smtps = new Fortios.Firewall.Inputs.SslsshprofileSmtpsArgs
        {
            CertValidationFailure = "string",
            CertValidationTimeout = "string",
            ClientCertRequest = "string",
            ClientCertificate = "string",
            ExpiredServerCert = "string",
            InvalidServerCert = "string",
            Ports = "string",
            ProxyAfterTcpHandshake = "string",
            RevokedServerCert = "string",
            SniServerCertCheck = "string",
            Status = "string",
            UnsupportedSsl = "string",
            UnsupportedSslCipher = "string",
            UnsupportedSslNegotiation = "string",
            UnsupportedSslVersion = "string",
            UntrustedServerCert = "string",
        },
        Ssh = new Fortios.Firewall.Inputs.SslsshprofileSshArgs
        {
            InspectAll = "string",
            Ports = "string",
            ProxyAfterTcpHandshake = "string",
            SshAlgorithm = "string",
            SshPolicyCheck = "string",
            SshTunPolicyCheck = "string",
            Status = "string",
            UnsupportedVersion = "string",
        },
        Ssl = new Fortios.Firewall.Inputs.SslsshprofileSslArgs
        {
            CertProbeFailure = "string",
            CertValidationFailure = "string",
            CertValidationTimeout = "string",
            ClientCertRequest = "string",
            ClientCertificate = "string",
            EncryptedClientHello = "string",
            ExpiredServerCert = "string",
            InspectAll = "string",
            InvalidServerCert = "string",
            MinAllowedSslVersion = "string",
            RevokedServerCert = "string",
            SniServerCertCheck = "string",
            UnsupportedSsl = "string",
            UnsupportedSslCipher = "string",
            UnsupportedSslNegotiation = "string",
            UnsupportedSslVersion = "string",
            UntrustedServerCert = "string",
        },
        SslAnomaliesLog = "string",
        SslAnomalyLog = "string",
        SslExemptionIpRating = "string",
        SslExemptionLog = "string",
        SslExemptionsLog = "string",
        SslExempts = new[]
        {
            new Fortios.Firewall.Inputs.SslsshprofileSslExemptArgs
            {
                Address = "string",
                Address6 = "string",
                FortiguardCategory = 0,
                Id = 0,
                Regex = "string",
                Type = "string",
                WildcardFqdn = "string",
            },
        },
        SslHandshakeLog = "string",
        SslNegotiationLog = "string",
        SslServerCertLog = "string",
        SslServers = new[]
        {
            new Fortios.Firewall.Inputs.SslsshprofileSslServerArgs
            {
                FtpsClientCertRequest = "string",
                FtpsClientCertificate = "string",
                HttpsClientCertRequest = "string",
                HttpsClientCertificate = "string",
                Id = 0,
                ImapsClientCertRequest = "string",
                ImapsClientCertificate = "string",
                Ip = "string",
                Pop3sClientCertRequest = "string",
                Pop3sClientCertificate = "string",
                SmtpsClientCertRequest = "string",
                SmtpsClientCertificate = "string",
                SslOtherClientCertRequest = "string",
                SslOtherClientCertificate = "string",
            },
        },
        SupportedAlpn = "string",
        UntrustedCaname = "string",
        UseSslServer = "string",
        Vdomparam = "string",
        Whitelist = "string",
    });
    
    example, err := firewall.NewSslsshprofile(ctx, "sslsshprofileResource", &firewall.SslsshprofileArgs{
    	Allowlist:                    pulumi.String("string"),
    	BlockBlacklistedCertificates: pulumi.String("string"),
    	BlockBlocklistedCertificates: pulumi.String("string"),
    	Caname:                       pulumi.String("string"),
    	Comment:                      pulumi.String("string"),
    	Dot: &firewall.SslsshprofileDotArgs{
    		CertValidationFailure:     pulumi.String("string"),
    		CertValidationTimeout:     pulumi.String("string"),
    		ClientCertificate:         pulumi.String("string"),
    		ExpiredServerCert:         pulumi.String("string"),
    		ProxyAfterTcpHandshake:    pulumi.String("string"),
    		Quic:                      pulumi.String("string"),
    		RevokedServerCert:         pulumi.String("string"),
    		SniServerCertCheck:        pulumi.String("string"),
    		Status:                    pulumi.String("string"),
    		UnsupportedSslCipher:      pulumi.String("string"),
    		UnsupportedSslNegotiation: pulumi.String("string"),
    		UnsupportedSslVersion:     pulumi.String("string"),
    		UntrustedServerCert:       pulumi.String("string"),
    	},
    	DynamicSortSubtable: pulumi.String("string"),
    	EchOuterSnis: firewall.SslsshprofileEchOuterSniArray{
    		&firewall.SslsshprofileEchOuterSniArgs{
    			Name: pulumi.String("string"),
    			Sni:  pulumi.String("string"),
    		},
    	},
    	Ftps: &firewall.SslsshprofileFtpsArgs{
    		CertValidationFailure:     pulumi.String("string"),
    		CertValidationTimeout:     pulumi.String("string"),
    		ClientCertRequest:         pulumi.String("string"),
    		ClientCertificate:         pulumi.String("string"),
    		ExpiredServerCert:         pulumi.String("string"),
    		InvalidServerCert:         pulumi.String("string"),
    		MinAllowedSslVersion:      pulumi.String("string"),
    		Ports:                     pulumi.String("string"),
    		RevokedServerCert:         pulumi.String("string"),
    		SniServerCertCheck:        pulumi.String("string"),
    		Status:                    pulumi.String("string"),
    		UnsupportedSsl:            pulumi.String("string"),
    		UnsupportedSslCipher:      pulumi.String("string"),
    		UnsupportedSslNegotiation: pulumi.String("string"),
    		UnsupportedSslVersion:     pulumi.String("string"),
    		UntrustedServerCert:       pulumi.String("string"),
    	},
    	GetAllTables: pulumi.String("string"),
    	Https: &firewall.SslsshprofileHttpsArgs{
    		CertProbeFailure:          pulumi.String("string"),
    		CertValidationFailure:     pulumi.String("string"),
    		CertValidationTimeout:     pulumi.String("string"),
    		ClientCertRequest:         pulumi.String("string"),
    		ClientCertificate:         pulumi.String("string"),
    		EncryptedClientHello:      pulumi.String("string"),
    		ExpiredServerCert:         pulumi.String("string"),
    		InvalidServerCert:         pulumi.String("string"),
    		MinAllowedSslVersion:      pulumi.String("string"),
    		Ports:                     pulumi.String("string"),
    		ProxyAfterTcpHandshake:    pulumi.String("string"),
    		Quic:                      pulumi.String("string"),
    		RevokedServerCert:         pulumi.String("string"),
    		SniServerCertCheck:        pulumi.String("string"),
    		Status:                    pulumi.String("string"),
    		UnsupportedSsl:            pulumi.String("string"),
    		UnsupportedSslCipher:      pulumi.String("string"),
    		UnsupportedSslNegotiation: pulumi.String("string"),
    		UnsupportedSslVersion:     pulumi.String("string"),
    		UntrustedServerCert:       pulumi.String("string"),
    	},
    	Imaps: &firewall.SslsshprofileImapsArgs{
    		CertValidationFailure:     pulumi.String("string"),
    		CertValidationTimeout:     pulumi.String("string"),
    		ClientCertRequest:         pulumi.String("string"),
    		ClientCertificate:         pulumi.String("string"),
    		ExpiredServerCert:         pulumi.String("string"),
    		InvalidServerCert:         pulumi.String("string"),
    		Ports:                     pulumi.String("string"),
    		ProxyAfterTcpHandshake:    pulumi.String("string"),
    		RevokedServerCert:         pulumi.String("string"),
    		SniServerCertCheck:        pulumi.String("string"),
    		Status:                    pulumi.String("string"),
    		UnsupportedSsl:            pulumi.String("string"),
    		UnsupportedSslCipher:      pulumi.String("string"),
    		UnsupportedSslNegotiation: pulumi.String("string"),
    		UnsupportedSslVersion:     pulumi.String("string"),
    		UntrustedServerCert:       pulumi.String("string"),
    	},
    	MapiOverHttps: pulumi.String("string"),
    	Name:          pulumi.String("string"),
    	Pop3s: &firewall.SslsshprofilePop3sArgs{
    		CertValidationFailure:     pulumi.String("string"),
    		CertValidationTimeout:     pulumi.String("string"),
    		ClientCertRequest:         pulumi.String("string"),
    		ClientCertificate:         pulumi.String("string"),
    		ExpiredServerCert:         pulumi.String("string"),
    		InvalidServerCert:         pulumi.String("string"),
    		Ports:                     pulumi.String("string"),
    		ProxyAfterTcpHandshake:    pulumi.String("string"),
    		RevokedServerCert:         pulumi.String("string"),
    		SniServerCertCheck:        pulumi.String("string"),
    		Status:                    pulumi.String("string"),
    		UnsupportedSsl:            pulumi.String("string"),
    		UnsupportedSslCipher:      pulumi.String("string"),
    		UnsupportedSslNegotiation: pulumi.String("string"),
    		UnsupportedSslVersion:     pulumi.String("string"),
    		UntrustedServerCert:       pulumi.String("string"),
    	},
    	RpcOverHttps:   pulumi.String("string"),
    	ServerCert:     pulumi.String("string"),
    	ServerCertMode: pulumi.String("string"),
    	Smtps: &firewall.SslsshprofileSmtpsArgs{
    		CertValidationFailure:     pulumi.String("string"),
    		CertValidationTimeout:     pulumi.String("string"),
    		ClientCertRequest:         pulumi.String("string"),
    		ClientCertificate:         pulumi.String("string"),
    		ExpiredServerCert:         pulumi.String("string"),
    		InvalidServerCert:         pulumi.String("string"),
    		Ports:                     pulumi.String("string"),
    		ProxyAfterTcpHandshake:    pulumi.String("string"),
    		RevokedServerCert:         pulumi.String("string"),
    		SniServerCertCheck:        pulumi.String("string"),
    		Status:                    pulumi.String("string"),
    		UnsupportedSsl:            pulumi.String("string"),
    		UnsupportedSslCipher:      pulumi.String("string"),
    		UnsupportedSslNegotiation: pulumi.String("string"),
    		UnsupportedSslVersion:     pulumi.String("string"),
    		UntrustedServerCert:       pulumi.String("string"),
    	},
    	Ssh: &firewall.SslsshprofileSshArgs{
    		InspectAll:             pulumi.String("string"),
    		Ports:                  pulumi.String("string"),
    		ProxyAfterTcpHandshake: pulumi.String("string"),
    		SshAlgorithm:           pulumi.String("string"),
    		SshPolicyCheck:         pulumi.String("string"),
    		SshTunPolicyCheck:      pulumi.String("string"),
    		Status:                 pulumi.String("string"),
    		UnsupportedVersion:     pulumi.String("string"),
    	},
    	Ssl: &firewall.SslsshprofileSslArgs{
    		CertProbeFailure:          pulumi.String("string"),
    		CertValidationFailure:     pulumi.String("string"),
    		CertValidationTimeout:     pulumi.String("string"),
    		ClientCertRequest:         pulumi.String("string"),
    		ClientCertificate:         pulumi.String("string"),
    		EncryptedClientHello:      pulumi.String("string"),
    		ExpiredServerCert:         pulumi.String("string"),
    		InspectAll:                pulumi.String("string"),
    		InvalidServerCert:         pulumi.String("string"),
    		MinAllowedSslVersion:      pulumi.String("string"),
    		RevokedServerCert:         pulumi.String("string"),
    		SniServerCertCheck:        pulumi.String("string"),
    		UnsupportedSsl:            pulumi.String("string"),
    		UnsupportedSslCipher:      pulumi.String("string"),
    		UnsupportedSslNegotiation: pulumi.String("string"),
    		UnsupportedSslVersion:     pulumi.String("string"),
    		UntrustedServerCert:       pulumi.String("string"),
    	},
    	SslAnomaliesLog:      pulumi.String("string"),
    	SslAnomalyLog:        pulumi.String("string"),
    	SslExemptionIpRating: pulumi.String("string"),
    	SslExemptionLog:      pulumi.String("string"),
    	SslExemptionsLog:     pulumi.String("string"),
    	SslExempts: firewall.SslsshprofileSslExemptArray{
    		&firewall.SslsshprofileSslExemptArgs{
    			Address:            pulumi.String("string"),
    			Address6:           pulumi.String("string"),
    			FortiguardCategory: pulumi.Int(0),
    			Id:                 pulumi.Int(0),
    			Regex:              pulumi.String("string"),
    			Type:               pulumi.String("string"),
    			WildcardFqdn:       pulumi.String("string"),
    		},
    	},
    	SslHandshakeLog:   pulumi.String("string"),
    	SslNegotiationLog: pulumi.String("string"),
    	SslServerCertLog:  pulumi.String("string"),
    	SslServers: firewall.SslsshprofileSslServerArray{
    		&firewall.SslsshprofileSslServerArgs{
    			FtpsClientCertRequest:     pulumi.String("string"),
    			FtpsClientCertificate:     pulumi.String("string"),
    			HttpsClientCertRequest:    pulumi.String("string"),
    			HttpsClientCertificate:    pulumi.String("string"),
    			Id:                        pulumi.Int(0),
    			ImapsClientCertRequest:    pulumi.String("string"),
    			ImapsClientCertificate:    pulumi.String("string"),
    			Ip:                        pulumi.String("string"),
    			Pop3sClientCertRequest:    pulumi.String("string"),
    			Pop3sClientCertificate:    pulumi.String("string"),
    			SmtpsClientCertRequest:    pulumi.String("string"),
    			SmtpsClientCertificate:    pulumi.String("string"),
    			SslOtherClientCertRequest: pulumi.String("string"),
    			SslOtherClientCertificate: pulumi.String("string"),
    		},
    	},
    	SupportedAlpn:   pulumi.String("string"),
    	UntrustedCaname: pulumi.String("string"),
    	UseSslServer:    pulumi.String("string"),
    	Vdomparam:       pulumi.String("string"),
    	Whitelist:       pulumi.String("string"),
    })
    
    var sslsshprofileResource = new Sslsshprofile("sslsshprofileResource", SslsshprofileArgs.builder()
        .allowlist("string")
        .blockBlacklistedCertificates("string")
        .blockBlocklistedCertificates("string")
        .caname("string")
        .comment("string")
        .dot(SslsshprofileDotArgs.builder()
            .certValidationFailure("string")
            .certValidationTimeout("string")
            .clientCertificate("string")
            .expiredServerCert("string")
            .proxyAfterTcpHandshake("string")
            .quic("string")
            .revokedServerCert("string")
            .sniServerCertCheck("string")
            .status("string")
            .unsupportedSslCipher("string")
            .unsupportedSslNegotiation("string")
            .unsupportedSslVersion("string")
            .untrustedServerCert("string")
            .build())
        .dynamicSortSubtable("string")
        .echOuterSnis(SslsshprofileEchOuterSniArgs.builder()
            .name("string")
            .sni("string")
            .build())
        .ftps(SslsshprofileFtpsArgs.builder()
            .certValidationFailure("string")
            .certValidationTimeout("string")
            .clientCertRequest("string")
            .clientCertificate("string")
            .expiredServerCert("string")
            .invalidServerCert("string")
            .minAllowedSslVersion("string")
            .ports("string")
            .revokedServerCert("string")
            .sniServerCertCheck("string")
            .status("string")
            .unsupportedSsl("string")
            .unsupportedSslCipher("string")
            .unsupportedSslNegotiation("string")
            .unsupportedSslVersion("string")
            .untrustedServerCert("string")
            .build())
        .getAllTables("string")
        .https(SslsshprofileHttpsArgs.builder()
            .certProbeFailure("string")
            .certValidationFailure("string")
            .certValidationTimeout("string")
            .clientCertRequest("string")
            .clientCertificate("string")
            .encryptedClientHello("string")
            .expiredServerCert("string")
            .invalidServerCert("string")
            .minAllowedSslVersion("string")
            .ports("string")
            .proxyAfterTcpHandshake("string")
            .quic("string")
            .revokedServerCert("string")
            .sniServerCertCheck("string")
            .status("string")
            .unsupportedSsl("string")
            .unsupportedSslCipher("string")
            .unsupportedSslNegotiation("string")
            .unsupportedSslVersion("string")
            .untrustedServerCert("string")
            .build())
        .imaps(SslsshprofileImapsArgs.builder()
            .certValidationFailure("string")
            .certValidationTimeout("string")
            .clientCertRequest("string")
            .clientCertificate("string")
            .expiredServerCert("string")
            .invalidServerCert("string")
            .ports("string")
            .proxyAfterTcpHandshake("string")
            .revokedServerCert("string")
            .sniServerCertCheck("string")
            .status("string")
            .unsupportedSsl("string")
            .unsupportedSslCipher("string")
            .unsupportedSslNegotiation("string")
            .unsupportedSslVersion("string")
            .untrustedServerCert("string")
            .build())
        .mapiOverHttps("string")
        .name("string")
        .pop3s(SslsshprofilePop3sArgs.builder()
            .certValidationFailure("string")
            .certValidationTimeout("string")
            .clientCertRequest("string")
            .clientCertificate("string")
            .expiredServerCert("string")
            .invalidServerCert("string")
            .ports("string")
            .proxyAfterTcpHandshake("string")
            .revokedServerCert("string")
            .sniServerCertCheck("string")
            .status("string")
            .unsupportedSsl("string")
            .unsupportedSslCipher("string")
            .unsupportedSslNegotiation("string")
            .unsupportedSslVersion("string")
            .untrustedServerCert("string")
            .build())
        .rpcOverHttps("string")
        .serverCert("string")
        .serverCertMode("string")
        .smtps(SslsshprofileSmtpsArgs.builder()
            .certValidationFailure("string")
            .certValidationTimeout("string")
            .clientCertRequest("string")
            .clientCertificate("string")
            .expiredServerCert("string")
            .invalidServerCert("string")
            .ports("string")
            .proxyAfterTcpHandshake("string")
            .revokedServerCert("string")
            .sniServerCertCheck("string")
            .status("string")
            .unsupportedSsl("string")
            .unsupportedSslCipher("string")
            .unsupportedSslNegotiation("string")
            .unsupportedSslVersion("string")
            .untrustedServerCert("string")
            .build())
        .ssh(SslsshprofileSshArgs.builder()
            .inspectAll("string")
            .ports("string")
            .proxyAfterTcpHandshake("string")
            .sshAlgorithm("string")
            .sshPolicyCheck("string")
            .sshTunPolicyCheck("string")
            .status("string")
            .unsupportedVersion("string")
            .build())
        .ssl(SslsshprofileSslArgs.builder()
            .certProbeFailure("string")
            .certValidationFailure("string")
            .certValidationTimeout("string")
            .clientCertRequest("string")
            .clientCertificate("string")
            .encryptedClientHello("string")
            .expiredServerCert("string")
            .inspectAll("string")
            .invalidServerCert("string")
            .minAllowedSslVersion("string")
            .revokedServerCert("string")
            .sniServerCertCheck("string")
            .unsupportedSsl("string")
            .unsupportedSslCipher("string")
            .unsupportedSslNegotiation("string")
            .unsupportedSslVersion("string")
            .untrustedServerCert("string")
            .build())
        .sslAnomaliesLog("string")
        .sslAnomalyLog("string")
        .sslExemptionIpRating("string")
        .sslExemptionLog("string")
        .sslExemptionsLog("string")
        .sslExempts(SslsshprofileSslExemptArgs.builder()
            .address("string")
            .address6("string")
            .fortiguardCategory(0)
            .id(0)
            .regex("string")
            .type("string")
            .wildcardFqdn("string")
            .build())
        .sslHandshakeLog("string")
        .sslNegotiationLog("string")
        .sslServerCertLog("string")
        .sslServers(SslsshprofileSslServerArgs.builder()
            .ftpsClientCertRequest("string")
            .ftpsClientCertificate("string")
            .httpsClientCertRequest("string")
            .httpsClientCertificate("string")
            .id(0)
            .imapsClientCertRequest("string")
            .imapsClientCertificate("string")
            .ip("string")
            .pop3sClientCertRequest("string")
            .pop3sClientCertificate("string")
            .smtpsClientCertRequest("string")
            .smtpsClientCertificate("string")
            .sslOtherClientCertRequest("string")
            .sslOtherClientCertificate("string")
            .build())
        .supportedAlpn("string")
        .untrustedCaname("string")
        .useSslServer("string")
        .vdomparam("string")
        .whitelist("string")
        .build());
    
    sslsshprofile_resource = fortios.firewall.Sslsshprofile("sslsshprofileResource",
        allowlist="string",
        block_blacklisted_certificates="string",
        block_blocklisted_certificates="string",
        caname="string",
        comment="string",
        dot=fortios.firewall.SslsshprofileDotArgs(
            cert_validation_failure="string",
            cert_validation_timeout="string",
            client_certificate="string",
            expired_server_cert="string",
            proxy_after_tcp_handshake="string",
            quic="string",
            revoked_server_cert="string",
            sni_server_cert_check="string",
            status="string",
            unsupported_ssl_cipher="string",
            unsupported_ssl_negotiation="string",
            unsupported_ssl_version="string",
            untrusted_server_cert="string",
        ),
        dynamic_sort_subtable="string",
        ech_outer_snis=[fortios.firewall.SslsshprofileEchOuterSniArgs(
            name="string",
            sni="string",
        )],
        ftps=fortios.firewall.SslsshprofileFtpsArgs(
            cert_validation_failure="string",
            cert_validation_timeout="string",
            client_cert_request="string",
            client_certificate="string",
            expired_server_cert="string",
            invalid_server_cert="string",
            min_allowed_ssl_version="string",
            ports="string",
            revoked_server_cert="string",
            sni_server_cert_check="string",
            status="string",
            unsupported_ssl="string",
            unsupported_ssl_cipher="string",
            unsupported_ssl_negotiation="string",
            unsupported_ssl_version="string",
            untrusted_server_cert="string",
        ),
        get_all_tables="string",
        https=fortios.firewall.SslsshprofileHttpsArgs(
            cert_probe_failure="string",
            cert_validation_failure="string",
            cert_validation_timeout="string",
            client_cert_request="string",
            client_certificate="string",
            encrypted_client_hello="string",
            expired_server_cert="string",
            invalid_server_cert="string",
            min_allowed_ssl_version="string",
            ports="string",
            proxy_after_tcp_handshake="string",
            quic="string",
            revoked_server_cert="string",
            sni_server_cert_check="string",
            status="string",
            unsupported_ssl="string",
            unsupported_ssl_cipher="string",
            unsupported_ssl_negotiation="string",
            unsupported_ssl_version="string",
            untrusted_server_cert="string",
        ),
        imaps=fortios.firewall.SslsshprofileImapsArgs(
            cert_validation_failure="string",
            cert_validation_timeout="string",
            client_cert_request="string",
            client_certificate="string",
            expired_server_cert="string",
            invalid_server_cert="string",
            ports="string",
            proxy_after_tcp_handshake="string",
            revoked_server_cert="string",
            sni_server_cert_check="string",
            status="string",
            unsupported_ssl="string",
            unsupported_ssl_cipher="string",
            unsupported_ssl_negotiation="string",
            unsupported_ssl_version="string",
            untrusted_server_cert="string",
        ),
        mapi_over_https="string",
        name="string",
        pop3s=fortios.firewall.SslsshprofilePop3sArgs(
            cert_validation_failure="string",
            cert_validation_timeout="string",
            client_cert_request="string",
            client_certificate="string",
            expired_server_cert="string",
            invalid_server_cert="string",
            ports="string",
            proxy_after_tcp_handshake="string",
            revoked_server_cert="string",
            sni_server_cert_check="string",
            status="string",
            unsupported_ssl="string",
            unsupported_ssl_cipher="string",
            unsupported_ssl_negotiation="string",
            unsupported_ssl_version="string",
            untrusted_server_cert="string",
        ),
        rpc_over_https="string",
        server_cert="string",
        server_cert_mode="string",
        smtps=fortios.firewall.SslsshprofileSmtpsArgs(
            cert_validation_failure="string",
            cert_validation_timeout="string",
            client_cert_request="string",
            client_certificate="string",
            expired_server_cert="string",
            invalid_server_cert="string",
            ports="string",
            proxy_after_tcp_handshake="string",
            revoked_server_cert="string",
            sni_server_cert_check="string",
            status="string",
            unsupported_ssl="string",
            unsupported_ssl_cipher="string",
            unsupported_ssl_negotiation="string",
            unsupported_ssl_version="string",
            untrusted_server_cert="string",
        ),
        ssh=fortios.firewall.SslsshprofileSshArgs(
            inspect_all="string",
            ports="string",
            proxy_after_tcp_handshake="string",
            ssh_algorithm="string",
            ssh_policy_check="string",
            ssh_tun_policy_check="string",
            status="string",
            unsupported_version="string",
        ),
        ssl=fortios.firewall.SslsshprofileSslArgs(
            cert_probe_failure="string",
            cert_validation_failure="string",
            cert_validation_timeout="string",
            client_cert_request="string",
            client_certificate="string",
            encrypted_client_hello="string",
            expired_server_cert="string",
            inspect_all="string",
            invalid_server_cert="string",
            min_allowed_ssl_version="string",
            revoked_server_cert="string",
            sni_server_cert_check="string",
            unsupported_ssl="string",
            unsupported_ssl_cipher="string",
            unsupported_ssl_negotiation="string",
            unsupported_ssl_version="string",
            untrusted_server_cert="string",
        ),
        ssl_anomalies_log="string",
        ssl_anomaly_log="string",
        ssl_exemption_ip_rating="string",
        ssl_exemption_log="string",
        ssl_exemptions_log="string",
        ssl_exempts=[fortios.firewall.SslsshprofileSslExemptArgs(
            address="string",
            address6="string",
            fortiguard_category=0,
            id=0,
            regex="string",
            type="string",
            wildcard_fqdn="string",
        )],
        ssl_handshake_log="string",
        ssl_negotiation_log="string",
        ssl_server_cert_log="string",
        ssl_servers=[fortios.firewall.SslsshprofileSslServerArgs(
            ftps_client_cert_request="string",
            ftps_client_certificate="string",
            https_client_cert_request="string",
            https_client_certificate="string",
            id=0,
            imaps_client_cert_request="string",
            imaps_client_certificate="string",
            ip="string",
            pop3s_client_cert_request="string",
            pop3s_client_certificate="string",
            smtps_client_cert_request="string",
            smtps_client_certificate="string",
            ssl_other_client_cert_request="string",
            ssl_other_client_certificate="string",
        )],
        supported_alpn="string",
        untrusted_caname="string",
        use_ssl_server="string",
        vdomparam="string",
        whitelist="string")
    
    const sslsshprofileResource = new fortios.firewall.Sslsshprofile("sslsshprofileResource", {
        allowlist: "string",
        blockBlacklistedCertificates: "string",
        blockBlocklistedCertificates: "string",
        caname: "string",
        comment: "string",
        dot: {
            certValidationFailure: "string",
            certValidationTimeout: "string",
            clientCertificate: "string",
            expiredServerCert: "string",
            proxyAfterTcpHandshake: "string",
            quic: "string",
            revokedServerCert: "string",
            sniServerCertCheck: "string",
            status: "string",
            unsupportedSslCipher: "string",
            unsupportedSslNegotiation: "string",
            unsupportedSslVersion: "string",
            untrustedServerCert: "string",
        },
        dynamicSortSubtable: "string",
        echOuterSnis: [{
            name: "string",
            sni: "string",
        }],
        ftps: {
            certValidationFailure: "string",
            certValidationTimeout: "string",
            clientCertRequest: "string",
            clientCertificate: "string",
            expiredServerCert: "string",
            invalidServerCert: "string",
            minAllowedSslVersion: "string",
            ports: "string",
            revokedServerCert: "string",
            sniServerCertCheck: "string",
            status: "string",
            unsupportedSsl: "string",
            unsupportedSslCipher: "string",
            unsupportedSslNegotiation: "string",
            unsupportedSslVersion: "string",
            untrustedServerCert: "string",
        },
        getAllTables: "string",
        https: {
            certProbeFailure: "string",
            certValidationFailure: "string",
            certValidationTimeout: "string",
            clientCertRequest: "string",
            clientCertificate: "string",
            encryptedClientHello: "string",
            expiredServerCert: "string",
            invalidServerCert: "string",
            minAllowedSslVersion: "string",
            ports: "string",
            proxyAfterTcpHandshake: "string",
            quic: "string",
            revokedServerCert: "string",
            sniServerCertCheck: "string",
            status: "string",
            unsupportedSsl: "string",
            unsupportedSslCipher: "string",
            unsupportedSslNegotiation: "string",
            unsupportedSslVersion: "string",
            untrustedServerCert: "string",
        },
        imaps: {
            certValidationFailure: "string",
            certValidationTimeout: "string",
            clientCertRequest: "string",
            clientCertificate: "string",
            expiredServerCert: "string",
            invalidServerCert: "string",
            ports: "string",
            proxyAfterTcpHandshake: "string",
            revokedServerCert: "string",
            sniServerCertCheck: "string",
            status: "string",
            unsupportedSsl: "string",
            unsupportedSslCipher: "string",
            unsupportedSslNegotiation: "string",
            unsupportedSslVersion: "string",
            untrustedServerCert: "string",
        },
        mapiOverHttps: "string",
        name: "string",
        pop3s: {
            certValidationFailure: "string",
            certValidationTimeout: "string",
            clientCertRequest: "string",
            clientCertificate: "string",
            expiredServerCert: "string",
            invalidServerCert: "string",
            ports: "string",
            proxyAfterTcpHandshake: "string",
            revokedServerCert: "string",
            sniServerCertCheck: "string",
            status: "string",
            unsupportedSsl: "string",
            unsupportedSslCipher: "string",
            unsupportedSslNegotiation: "string",
            unsupportedSslVersion: "string",
            untrustedServerCert: "string",
        },
        rpcOverHttps: "string",
        serverCert: "string",
        serverCertMode: "string",
        smtps: {
            certValidationFailure: "string",
            certValidationTimeout: "string",
            clientCertRequest: "string",
            clientCertificate: "string",
            expiredServerCert: "string",
            invalidServerCert: "string",
            ports: "string",
            proxyAfterTcpHandshake: "string",
            revokedServerCert: "string",
            sniServerCertCheck: "string",
            status: "string",
            unsupportedSsl: "string",
            unsupportedSslCipher: "string",
            unsupportedSslNegotiation: "string",
            unsupportedSslVersion: "string",
            untrustedServerCert: "string",
        },
        ssh: {
            inspectAll: "string",
            ports: "string",
            proxyAfterTcpHandshake: "string",
            sshAlgorithm: "string",
            sshPolicyCheck: "string",
            sshTunPolicyCheck: "string",
            status: "string",
            unsupportedVersion: "string",
        },
        ssl: {
            certProbeFailure: "string",
            certValidationFailure: "string",
            certValidationTimeout: "string",
            clientCertRequest: "string",
            clientCertificate: "string",
            encryptedClientHello: "string",
            expiredServerCert: "string",
            inspectAll: "string",
            invalidServerCert: "string",
            minAllowedSslVersion: "string",
            revokedServerCert: "string",
            sniServerCertCheck: "string",
            unsupportedSsl: "string",
            unsupportedSslCipher: "string",
            unsupportedSslNegotiation: "string",
            unsupportedSslVersion: "string",
            untrustedServerCert: "string",
        },
        sslAnomaliesLog: "string",
        sslAnomalyLog: "string",
        sslExemptionIpRating: "string",
        sslExemptionLog: "string",
        sslExemptionsLog: "string",
        sslExempts: [{
            address: "string",
            address6: "string",
            fortiguardCategory: 0,
            id: 0,
            regex: "string",
            type: "string",
            wildcardFqdn: "string",
        }],
        sslHandshakeLog: "string",
        sslNegotiationLog: "string",
        sslServerCertLog: "string",
        sslServers: [{
            ftpsClientCertRequest: "string",
            ftpsClientCertificate: "string",
            httpsClientCertRequest: "string",
            httpsClientCertificate: "string",
            id: 0,
            imapsClientCertRequest: "string",
            imapsClientCertificate: "string",
            ip: "string",
            pop3sClientCertRequest: "string",
            pop3sClientCertificate: "string",
            smtpsClientCertRequest: "string",
            smtpsClientCertificate: "string",
            sslOtherClientCertRequest: "string",
            sslOtherClientCertificate: "string",
        }],
        supportedAlpn: "string",
        untrustedCaname: "string",
        useSslServer: "string",
        vdomparam: "string",
        whitelist: "string",
    });
    
    type: fortios:firewall:Sslsshprofile
    properties:
        allowlist: string
        blockBlacklistedCertificates: string
        blockBlocklistedCertificates: string
        caname: string
        comment: string
        dot:
            certValidationFailure: string
            certValidationTimeout: string
            clientCertificate: string
            expiredServerCert: string
            proxyAfterTcpHandshake: string
            quic: string
            revokedServerCert: string
            sniServerCertCheck: string
            status: string
            unsupportedSslCipher: string
            unsupportedSslNegotiation: string
            unsupportedSslVersion: string
            untrustedServerCert: string
        dynamicSortSubtable: string
        echOuterSnis:
            - name: string
              sni: string
        ftps:
            certValidationFailure: string
            certValidationTimeout: string
            clientCertRequest: string
            clientCertificate: string
            expiredServerCert: string
            invalidServerCert: string
            minAllowedSslVersion: string
            ports: string
            revokedServerCert: string
            sniServerCertCheck: string
            status: string
            unsupportedSsl: string
            unsupportedSslCipher: string
            unsupportedSslNegotiation: string
            unsupportedSslVersion: string
            untrustedServerCert: string
        getAllTables: string
        https:
            certProbeFailure: string
            certValidationFailure: string
            certValidationTimeout: string
            clientCertRequest: string
            clientCertificate: string
            encryptedClientHello: string
            expiredServerCert: string
            invalidServerCert: string
            minAllowedSslVersion: string
            ports: string
            proxyAfterTcpHandshake: string
            quic: string
            revokedServerCert: string
            sniServerCertCheck: string
            status: string
            unsupportedSsl: string
            unsupportedSslCipher: string
            unsupportedSslNegotiation: string
            unsupportedSslVersion: string
            untrustedServerCert: string
        imaps:
            certValidationFailure: string
            certValidationTimeout: string
            clientCertRequest: string
            clientCertificate: string
            expiredServerCert: string
            invalidServerCert: string
            ports: string
            proxyAfterTcpHandshake: string
            revokedServerCert: string
            sniServerCertCheck: string
            status: string
            unsupportedSsl: string
            unsupportedSslCipher: string
            unsupportedSslNegotiation: string
            unsupportedSslVersion: string
            untrustedServerCert: string
        mapiOverHttps: string
        name: string
        pop3s:
            certValidationFailure: string
            certValidationTimeout: string
            clientCertRequest: string
            clientCertificate: string
            expiredServerCert: string
            invalidServerCert: string
            ports: string
            proxyAfterTcpHandshake: string
            revokedServerCert: string
            sniServerCertCheck: string
            status: string
            unsupportedSsl: string
            unsupportedSslCipher: string
            unsupportedSslNegotiation: string
            unsupportedSslVersion: string
            untrustedServerCert: string
        rpcOverHttps: string
        serverCert: string
        serverCertMode: string
        smtps:
            certValidationFailure: string
            certValidationTimeout: string
            clientCertRequest: string
            clientCertificate: string
            expiredServerCert: string
            invalidServerCert: string
            ports: string
            proxyAfterTcpHandshake: string
            revokedServerCert: string
            sniServerCertCheck: string
            status: string
            unsupportedSsl: string
            unsupportedSslCipher: string
            unsupportedSslNegotiation: string
            unsupportedSslVersion: string
            untrustedServerCert: string
        ssh:
            inspectAll: string
            ports: string
            proxyAfterTcpHandshake: string
            sshAlgorithm: string
            sshPolicyCheck: string
            sshTunPolicyCheck: string
            status: string
            unsupportedVersion: string
        ssl:
            certProbeFailure: string
            certValidationFailure: string
            certValidationTimeout: string
            clientCertRequest: string
            clientCertificate: string
            encryptedClientHello: string
            expiredServerCert: string
            inspectAll: string
            invalidServerCert: string
            minAllowedSslVersion: string
            revokedServerCert: string
            sniServerCertCheck: string
            unsupportedSsl: string
            unsupportedSslCipher: string
            unsupportedSslNegotiation: string
            unsupportedSslVersion: string
            untrustedServerCert: string
        sslAnomaliesLog: string
        sslAnomalyLog: string
        sslExemptionIpRating: string
        sslExemptionLog: string
        sslExemptionsLog: string
        sslExempts:
            - address: string
              address6: string
              fortiguardCategory: 0
              id: 0
              regex: string
              type: string
              wildcardFqdn: string
        sslHandshakeLog: string
        sslNegotiationLog: string
        sslServerCertLog: string
        sslServers:
            - ftpsClientCertRequest: string
              ftpsClientCertificate: string
              httpsClientCertRequest: string
              httpsClientCertificate: string
              id: 0
              imapsClientCertRequest: string
              imapsClientCertificate: string
              ip: string
              pop3sClientCertRequest: string
              pop3sClientCertificate: string
              smtpsClientCertRequest: string
              smtpsClientCertificate: string
              sslOtherClientCertRequest: string
              sslOtherClientCertificate: string
        supportedAlpn: string
        untrustedCaname: string
        useSslServer: string
        vdomparam: string
        whitelist: string
    

    Sslsshprofile Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Sslsshprofile resource accepts the following input properties:

    Allowlist string
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    BlockBlacklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    BlockBlocklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    Caname string
    CA certificate used by SSL Inspection.
    Comment string
    Optional comments.
    Dot Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileDot
    Configure DNS over TLS options. The structure of dot block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EchOuterSnis List<Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileEchOuterSni>
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    Ftps Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileFtps
    Configure FTPS options. The structure of ftps block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Https Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileHttps
    Configure HTTPS options. The structure of https block is documented below.
    Imaps Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileImaps
    Configure IMAPS options. The structure of imaps block is documented below.
    MapiOverHttps string
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    Name string
    Name.
    Pop3s Pulumiverse.Fortios.Firewall.Inputs.SslsshprofilePop3s
    Configure POP3S options. The structure of pop3s block is documented below.
    RpcOverHttps string
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    ServerCert string
    Certificate used by SSL Inspection to replace server certificate.
    ServerCertMode string
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    Smtps Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileSmtps
    Configure SMTPS options. The structure of smtps block is documented below.
    Ssh Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileSsh
    Configure SSH options. The structure of ssh block is documented below.
    Ssl Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileSsl
    Configure SSL options. The structure of ssl block is documented below.
    SslAnomaliesLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    SslAnomalyLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    SslExemptionIpRating string
    Enable/disable IP based URL rating. Valid values: enable, disable.
    SslExemptionLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    SslExemptionsLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    SslExempts List<Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileSslExempt>
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    SslHandshakeLog string
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    SslNegotiationLog string
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    SslServerCertLog string
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    SslServers List<Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileSslServer>
    SSL servers. The structure of ssl_server block is documented below.
    SupportedAlpn string
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    UntrustedCaname string
    Untrusted CA certificate used by SSL Inspection.
    UseSslServer string
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    Whitelist string
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.
    Allowlist string
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    BlockBlacklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    BlockBlocklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    Caname string
    CA certificate used by SSL Inspection.
    Comment string
    Optional comments.
    Dot SslsshprofileDotArgs
    Configure DNS over TLS options. The structure of dot block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EchOuterSnis []SslsshprofileEchOuterSniArgs
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    Ftps SslsshprofileFtpsArgs
    Configure FTPS options. The structure of ftps block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Https SslsshprofileHttpsArgs
    Configure HTTPS options. The structure of https block is documented below.
    Imaps SslsshprofileImapsArgs
    Configure IMAPS options. The structure of imaps block is documented below.
    MapiOverHttps string
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    Name string
    Name.
    Pop3s SslsshprofilePop3sArgs
    Configure POP3S options. The structure of pop3s block is documented below.
    RpcOverHttps string
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    ServerCert string
    Certificate used by SSL Inspection to replace server certificate.
    ServerCertMode string
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    Smtps SslsshprofileSmtpsArgs
    Configure SMTPS options. The structure of smtps block is documented below.
    Ssh SslsshprofileSshArgs
    Configure SSH options. The structure of ssh block is documented below.
    Ssl SslsshprofileSslArgs
    Configure SSL options. The structure of ssl block is documented below.
    SslAnomaliesLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    SslAnomalyLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    SslExemptionIpRating string
    Enable/disable IP based URL rating. Valid values: enable, disable.
    SslExemptionLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    SslExemptionsLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    SslExempts []SslsshprofileSslExemptArgs
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    SslHandshakeLog string
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    SslNegotiationLog string
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    SslServerCertLog string
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    SslServers []SslsshprofileSslServerArgs
    SSL servers. The structure of ssl_server block is documented below.
    SupportedAlpn string
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    UntrustedCaname string
    Untrusted CA certificate used by SSL Inspection.
    UseSslServer string
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    Whitelist string
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.
    allowlist String
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    blockBlacklistedCertificates String
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    blockBlocklistedCertificates String
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    caname String
    CA certificate used by SSL Inspection.
    comment String
    Optional comments.
    dot SslsshprofileDot
    Configure DNS over TLS options. The structure of dot block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    echOuterSnis List<SslsshprofileEchOuterSni>
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    ftps SslsshprofileFtps
    Configure FTPS options. The structure of ftps block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    https SslsshprofileHttps
    Configure HTTPS options. The structure of https block is documented below.
    imaps SslsshprofileImaps
    Configure IMAPS options. The structure of imaps block is documented below.
    mapiOverHttps String
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    name String
    Name.
    pop3s SslsshprofilePop3s
    Configure POP3S options. The structure of pop3s block is documented below.
    rpcOverHttps String
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    serverCert String
    Certificate used by SSL Inspection to replace server certificate.
    serverCertMode String
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    smtps SslsshprofileSmtps
    Configure SMTPS options. The structure of smtps block is documented below.
    ssh SslsshprofileSsh
    Configure SSH options. The structure of ssh block is documented below.
    ssl SslsshprofileSsl
    Configure SSL options. The structure of ssl block is documented below.
    sslAnomaliesLog String
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslAnomalyLog String
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslExemptionIpRating String
    Enable/disable IP based URL rating. Valid values: enable, disable.
    sslExemptionLog String
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExemptionsLog String
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExempts List<SslsshprofileSslExempt>
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    sslHandshakeLog String
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    sslNegotiationLog String
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    sslServerCertLog String
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    sslServers List<SslsshprofileSslServer>
    SSL servers. The structure of ssl_server block is documented below.
    supportedAlpn String
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    untrustedCaname String
    Untrusted CA certificate used by SSL Inspection.
    useSslServer String
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    whitelist String
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.
    allowlist string
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    blockBlacklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    blockBlocklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    caname string
    CA certificate used by SSL Inspection.
    comment string
    Optional comments.
    dot SslsshprofileDot
    Configure DNS over TLS options. The structure of dot block is documented below.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    echOuterSnis SslsshprofileEchOuterSni[]
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    ftps SslsshprofileFtps
    Configure FTPS options. The structure of ftps block is documented below.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    https SslsshprofileHttps
    Configure HTTPS options. The structure of https block is documented below.
    imaps SslsshprofileImaps
    Configure IMAPS options. The structure of imaps block is documented below.
    mapiOverHttps string
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    name string
    Name.
    pop3s SslsshprofilePop3s
    Configure POP3S options. The structure of pop3s block is documented below.
    rpcOverHttps string
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    serverCert string
    Certificate used by SSL Inspection to replace server certificate.
    serverCertMode string
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    smtps SslsshprofileSmtps
    Configure SMTPS options. The structure of smtps block is documented below.
    ssh SslsshprofileSsh
    Configure SSH options. The structure of ssh block is documented below.
    ssl SslsshprofileSsl
    Configure SSL options. The structure of ssl block is documented below.
    sslAnomaliesLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslAnomalyLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslExemptionIpRating string
    Enable/disable IP based URL rating. Valid values: enable, disable.
    sslExemptionLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExemptionsLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExempts SslsshprofileSslExempt[]
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    sslHandshakeLog string
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    sslNegotiationLog string
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    sslServerCertLog string
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    sslServers SslsshprofileSslServer[]
    SSL servers. The structure of ssl_server block is documented below.
    supportedAlpn string
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    untrustedCaname string
    Untrusted CA certificate used by SSL Inspection.
    useSslServer string
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    whitelist string
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.
    allowlist str
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    block_blacklisted_certificates str
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    block_blocklisted_certificates str
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    caname str
    CA certificate used by SSL Inspection.
    comment str
    Optional comments.
    dot SslsshprofileDotArgs
    Configure DNS over TLS options. The structure of dot block is documented below.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    ech_outer_snis Sequence[SslsshprofileEchOuterSniArgs]
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    ftps SslsshprofileFtpsArgs
    Configure FTPS options. The structure of ftps block is documented below.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    https SslsshprofileHttpsArgs
    Configure HTTPS options. The structure of https block is documented below.
    imaps SslsshprofileImapsArgs
    Configure IMAPS options. The structure of imaps block is documented below.
    mapi_over_https str
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    name str
    Name.
    pop3s SslsshprofilePop3sArgs
    Configure POP3S options. The structure of pop3s block is documented below.
    rpc_over_https str
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    server_cert str
    Certificate used by SSL Inspection to replace server certificate.
    server_cert_mode str
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    smtps SslsshprofileSmtpsArgs
    Configure SMTPS options. The structure of smtps block is documented below.
    ssh SslsshprofileSshArgs
    Configure SSH options. The structure of ssh block is documented below.
    ssl SslsshprofileSslArgs
    Configure SSL options. The structure of ssl block is documented below.
    ssl_anomalies_log str
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    ssl_anomaly_log str
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    ssl_exemption_ip_rating str
    Enable/disable IP based URL rating. Valid values: enable, disable.
    ssl_exemption_log str
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    ssl_exemptions_log str
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    ssl_exempts Sequence[SslsshprofileSslExemptArgs]
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    ssl_handshake_log str
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    ssl_negotiation_log str
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    ssl_server_cert_log str
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    ssl_servers Sequence[SslsshprofileSslServerArgs]
    SSL servers. The structure of ssl_server block is documented below.
    supported_alpn str
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    untrusted_caname str
    Untrusted CA certificate used by SSL Inspection.
    use_ssl_server str
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    whitelist str
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.
    allowlist String
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    blockBlacklistedCertificates String
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    blockBlocklistedCertificates String
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    caname String
    CA certificate used by SSL Inspection.
    comment String
    Optional comments.
    dot Property Map
    Configure DNS over TLS options. The structure of dot block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    echOuterSnis List<Property Map>
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    ftps Property Map
    Configure FTPS options. The structure of ftps block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    https Property Map
    Configure HTTPS options. The structure of https block is documented below.
    imaps Property Map
    Configure IMAPS options. The structure of imaps block is documented below.
    mapiOverHttps String
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    name String
    Name.
    pop3s Property Map
    Configure POP3S options. The structure of pop3s block is documented below.
    rpcOverHttps String
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    serverCert String
    Certificate used by SSL Inspection to replace server certificate.
    serverCertMode String
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    smtps Property Map
    Configure SMTPS options. The structure of smtps block is documented below.
    ssh Property Map
    Configure SSH options. The structure of ssh block is documented below.
    ssl Property Map
    Configure SSL options. The structure of ssl block is documented below.
    sslAnomaliesLog String
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslAnomalyLog String
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslExemptionIpRating String
    Enable/disable IP based URL rating. Valid values: enable, disable.
    sslExemptionLog String
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExemptionsLog String
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExempts List<Property Map>
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    sslHandshakeLog String
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    sslNegotiationLog String
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    sslServerCertLog String
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    sslServers List<Property Map>
    SSL servers. The structure of ssl_server block is documented below.
    supportedAlpn String
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    untrustedCaname String
    Untrusted CA certificate used by SSL Inspection.
    useSslServer String
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    whitelist String
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Sslsshprofile resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Sslsshprofile Resource

    Get an existing Sslsshprofile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SslsshprofileState, opts?: CustomResourceOptions): Sslsshprofile
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allowlist: Optional[str] = None,
            block_blacklisted_certificates: Optional[str] = None,
            block_blocklisted_certificates: Optional[str] = None,
            caname: Optional[str] = None,
            comment: Optional[str] = None,
            dot: Optional[SslsshprofileDotArgs] = None,
            dynamic_sort_subtable: Optional[str] = None,
            ech_outer_snis: Optional[Sequence[SslsshprofileEchOuterSniArgs]] = None,
            ftps: Optional[SslsshprofileFtpsArgs] = None,
            get_all_tables: Optional[str] = None,
            https: Optional[SslsshprofileHttpsArgs] = None,
            imaps: Optional[SslsshprofileImapsArgs] = None,
            mapi_over_https: Optional[str] = None,
            name: Optional[str] = None,
            pop3s: Optional[SslsshprofilePop3sArgs] = None,
            rpc_over_https: Optional[str] = None,
            server_cert: Optional[str] = None,
            server_cert_mode: Optional[str] = None,
            smtps: Optional[SslsshprofileSmtpsArgs] = None,
            ssh: Optional[SslsshprofileSshArgs] = None,
            ssl: Optional[SslsshprofileSslArgs] = None,
            ssl_anomalies_log: Optional[str] = None,
            ssl_anomaly_log: Optional[str] = None,
            ssl_exemption_ip_rating: Optional[str] = None,
            ssl_exemption_log: Optional[str] = None,
            ssl_exemptions_log: Optional[str] = None,
            ssl_exempts: Optional[Sequence[SslsshprofileSslExemptArgs]] = None,
            ssl_handshake_log: Optional[str] = None,
            ssl_negotiation_log: Optional[str] = None,
            ssl_server_cert_log: Optional[str] = None,
            ssl_servers: Optional[Sequence[SslsshprofileSslServerArgs]] = None,
            supported_alpn: Optional[str] = None,
            untrusted_caname: Optional[str] = None,
            use_ssl_server: Optional[str] = None,
            vdomparam: Optional[str] = None,
            whitelist: Optional[str] = None) -> Sslsshprofile
    func GetSslsshprofile(ctx *Context, name string, id IDInput, state *SslsshprofileState, opts ...ResourceOption) (*Sslsshprofile, error)
    public static Sslsshprofile Get(string name, Input<string> id, SslsshprofileState? state, CustomResourceOptions? opts = null)
    public static Sslsshprofile get(String name, Output<String> id, SslsshprofileState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Allowlist string
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    BlockBlacklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    BlockBlocklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    Caname string
    CA certificate used by SSL Inspection.
    Comment string
    Optional comments.
    Dot Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileDot
    Configure DNS over TLS options. The structure of dot block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EchOuterSnis List<Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileEchOuterSni>
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    Ftps Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileFtps
    Configure FTPS options. The structure of ftps block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Https Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileHttps
    Configure HTTPS options. The structure of https block is documented below.
    Imaps Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileImaps
    Configure IMAPS options. The structure of imaps block is documented below.
    MapiOverHttps string
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    Name string
    Name.
    Pop3s Pulumiverse.Fortios.Firewall.Inputs.SslsshprofilePop3s
    Configure POP3S options. The structure of pop3s block is documented below.
    RpcOverHttps string
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    ServerCert string
    Certificate used by SSL Inspection to replace server certificate.
    ServerCertMode string
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    Smtps Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileSmtps
    Configure SMTPS options. The structure of smtps block is documented below.
    Ssh Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileSsh
    Configure SSH options. The structure of ssh block is documented below.
    Ssl Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileSsl
    Configure SSL options. The structure of ssl block is documented below.
    SslAnomaliesLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    SslAnomalyLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    SslExemptionIpRating string
    Enable/disable IP based URL rating. Valid values: enable, disable.
    SslExemptionLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    SslExemptionsLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    SslExempts List<Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileSslExempt>
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    SslHandshakeLog string
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    SslNegotiationLog string
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    SslServerCertLog string
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    SslServers List<Pulumiverse.Fortios.Firewall.Inputs.SslsshprofileSslServer>
    SSL servers. The structure of ssl_server block is documented below.
    SupportedAlpn string
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    UntrustedCaname string
    Untrusted CA certificate used by SSL Inspection.
    UseSslServer string
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    Whitelist string
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.
    Allowlist string
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    BlockBlacklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    BlockBlocklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    Caname string
    CA certificate used by SSL Inspection.
    Comment string
    Optional comments.
    Dot SslsshprofileDotArgs
    Configure DNS over TLS options. The structure of dot block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EchOuterSnis []SslsshprofileEchOuterSniArgs
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    Ftps SslsshprofileFtpsArgs
    Configure FTPS options. The structure of ftps block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Https SslsshprofileHttpsArgs
    Configure HTTPS options. The structure of https block is documented below.
    Imaps SslsshprofileImapsArgs
    Configure IMAPS options. The structure of imaps block is documented below.
    MapiOverHttps string
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    Name string
    Name.
    Pop3s SslsshprofilePop3sArgs
    Configure POP3S options. The structure of pop3s block is documented below.
    RpcOverHttps string
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    ServerCert string
    Certificate used by SSL Inspection to replace server certificate.
    ServerCertMode string
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    Smtps SslsshprofileSmtpsArgs
    Configure SMTPS options. The structure of smtps block is documented below.
    Ssh SslsshprofileSshArgs
    Configure SSH options. The structure of ssh block is documented below.
    Ssl SslsshprofileSslArgs
    Configure SSL options. The structure of ssl block is documented below.
    SslAnomaliesLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    SslAnomalyLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    SslExemptionIpRating string
    Enable/disable IP based URL rating. Valid values: enable, disable.
    SslExemptionLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    SslExemptionsLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    SslExempts []SslsshprofileSslExemptArgs
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    SslHandshakeLog string
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    SslNegotiationLog string
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    SslServerCertLog string
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    SslServers []SslsshprofileSslServerArgs
    SSL servers. The structure of ssl_server block is documented below.
    SupportedAlpn string
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    UntrustedCaname string
    Untrusted CA certificate used by SSL Inspection.
    UseSslServer string
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    Whitelist string
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.
    allowlist String
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    blockBlacklistedCertificates String
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    blockBlocklistedCertificates String
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    caname String
    CA certificate used by SSL Inspection.
    comment String
    Optional comments.
    dot SslsshprofileDot
    Configure DNS over TLS options. The structure of dot block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    echOuterSnis List<SslsshprofileEchOuterSni>
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    ftps SslsshprofileFtps
    Configure FTPS options. The structure of ftps block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    https SslsshprofileHttps
    Configure HTTPS options. The structure of https block is documented below.
    imaps SslsshprofileImaps
    Configure IMAPS options. The structure of imaps block is documented below.
    mapiOverHttps String
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    name String
    Name.
    pop3s SslsshprofilePop3s
    Configure POP3S options. The structure of pop3s block is documented below.
    rpcOverHttps String
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    serverCert String
    Certificate used by SSL Inspection to replace server certificate.
    serverCertMode String
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    smtps SslsshprofileSmtps
    Configure SMTPS options. The structure of smtps block is documented below.
    ssh SslsshprofileSsh
    Configure SSH options. The structure of ssh block is documented below.
    ssl SslsshprofileSsl
    Configure SSL options. The structure of ssl block is documented below.
    sslAnomaliesLog String
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslAnomalyLog String
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslExemptionIpRating String
    Enable/disable IP based URL rating. Valid values: enable, disable.
    sslExemptionLog String
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExemptionsLog String
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExempts List<SslsshprofileSslExempt>
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    sslHandshakeLog String
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    sslNegotiationLog String
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    sslServerCertLog String
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    sslServers List<SslsshprofileSslServer>
    SSL servers. The structure of ssl_server block is documented below.
    supportedAlpn String
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    untrustedCaname String
    Untrusted CA certificate used by SSL Inspection.
    useSslServer String
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    whitelist String
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.
    allowlist string
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    blockBlacklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    blockBlocklistedCertificates string
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    caname string
    CA certificate used by SSL Inspection.
    comment string
    Optional comments.
    dot SslsshprofileDot
    Configure DNS over TLS options. The structure of dot block is documented below.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    echOuterSnis SslsshprofileEchOuterSni[]
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    ftps SslsshprofileFtps
    Configure FTPS options. The structure of ftps block is documented below.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    https SslsshprofileHttps
    Configure HTTPS options. The structure of https block is documented below.
    imaps SslsshprofileImaps
    Configure IMAPS options. The structure of imaps block is documented below.
    mapiOverHttps string
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    name string
    Name.
    pop3s SslsshprofilePop3s
    Configure POP3S options. The structure of pop3s block is documented below.
    rpcOverHttps string
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    serverCert string
    Certificate used by SSL Inspection to replace server certificate.
    serverCertMode string
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    smtps SslsshprofileSmtps
    Configure SMTPS options. The structure of smtps block is documented below.
    ssh SslsshprofileSsh
    Configure SSH options. The structure of ssh block is documented below.
    ssl SslsshprofileSsl
    Configure SSL options. The structure of ssl block is documented below.
    sslAnomaliesLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslAnomalyLog string
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslExemptionIpRating string
    Enable/disable IP based URL rating. Valid values: enable, disable.
    sslExemptionLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExemptionsLog string
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExempts SslsshprofileSslExempt[]
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    sslHandshakeLog string
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    sslNegotiationLog string
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    sslServerCertLog string
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    sslServers SslsshprofileSslServer[]
    SSL servers. The structure of ssl_server block is documented below.
    supportedAlpn string
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    untrustedCaname string
    Untrusted CA certificate used by SSL Inspection.
    useSslServer string
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    whitelist string
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.
    allowlist str
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    block_blacklisted_certificates str
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    block_blocklisted_certificates str
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    caname str
    CA certificate used by SSL Inspection.
    comment str
    Optional comments.
    dot SslsshprofileDotArgs
    Configure DNS over TLS options. The structure of dot block is documented below.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    ech_outer_snis Sequence[SslsshprofileEchOuterSniArgs]
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    ftps SslsshprofileFtpsArgs
    Configure FTPS options. The structure of ftps block is documented below.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    https SslsshprofileHttpsArgs
    Configure HTTPS options. The structure of https block is documented below.
    imaps SslsshprofileImapsArgs
    Configure IMAPS options. The structure of imaps block is documented below.
    mapi_over_https str
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    name str
    Name.
    pop3s SslsshprofilePop3sArgs
    Configure POP3S options. The structure of pop3s block is documented below.
    rpc_over_https str
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    server_cert str
    Certificate used by SSL Inspection to replace server certificate.
    server_cert_mode str
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    smtps SslsshprofileSmtpsArgs
    Configure SMTPS options. The structure of smtps block is documented below.
    ssh SslsshprofileSshArgs
    Configure SSH options. The structure of ssh block is documented below.
    ssl SslsshprofileSslArgs
    Configure SSL options. The structure of ssl block is documented below.
    ssl_anomalies_log str
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    ssl_anomaly_log str
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    ssl_exemption_ip_rating str
    Enable/disable IP based URL rating. Valid values: enable, disable.
    ssl_exemption_log str
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    ssl_exemptions_log str
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    ssl_exempts Sequence[SslsshprofileSslExemptArgs]
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    ssl_handshake_log str
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    ssl_negotiation_log str
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    ssl_server_cert_log str
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    ssl_servers Sequence[SslsshprofileSslServerArgs]
    SSL servers. The structure of ssl_server block is documented below.
    supported_alpn str
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    untrusted_caname str
    Untrusted CA certificate used by SSL Inspection.
    use_ssl_server str
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    whitelist str
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.
    allowlist String
    Enable/disable exempting servers by FortiGuard allowlist. Valid values: enable, disable.
    blockBlacklistedCertificates String
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: disable, enable.
    blockBlocklistedCertificates String
    Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. Valid values: disable, enable.
    caname String
    CA certificate used by SSL Inspection.
    comment String
    Optional comments.
    dot Property Map
    Configure DNS over TLS options. The structure of dot block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    echOuterSnis List<Property Map>
    ClientHelloOuter SNIs to be blocked. The structure of ech_outer_sni block is documented below.
    ftps Property Map
    Configure FTPS options. The structure of ftps block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    https Property Map
    Configure HTTPS options. The structure of https block is documented below.
    imaps Property Map
    Configure IMAPS options. The structure of imaps block is documented below.
    mapiOverHttps String
    Enable/disable inspection of MAPI over HTTPS. Valid values: enable, disable.
    name String
    Name.
    pop3s Property Map
    Configure POP3S options. The structure of pop3s block is documented below.
    rpcOverHttps String
    Enable/disable inspection of RPC over HTTPS. Valid values: enable, disable.
    serverCert String
    Certificate used by SSL Inspection to replace server certificate.
    serverCertMode String
    Re-sign or replace the server's certificate. Valid values: re-sign, replace.
    smtps Property Map
    Configure SMTPS options. The structure of smtps block is documented below.
    ssh Property Map
    Configure SSH options. The structure of ssh block is documented below.
    ssl Property Map
    Configure SSL options. The structure of ssl block is documented below.
    sslAnomaliesLog String
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslAnomalyLog String
    Enable/disable logging SSL anomalies. Valid values: disable, enable.
    sslExemptionIpRating String
    Enable/disable IP based URL rating. Valid values: enable, disable.
    sslExemptionLog String
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExemptionsLog String
    Enable/disable logging SSL exemptions. Valid values: disable, enable.
    sslExempts List<Property Map>
    Servers to exempt from SSL inspection. The structure of ssl_exempt block is documented below.
    sslHandshakeLog String
    Enable/disable logging of TLS handshakes. Valid values: disable, enable.
    sslNegotiationLog String
    Enable/disable logging SSL negotiation. Valid values: disable, enable.
    sslServerCertLog String
    Enable/disable logging of server certificate information. Valid values: disable, enable.
    sslServers List<Property Map>
    SSL servers. The structure of ssl_server block is documented below.
    supportedAlpn String
    Configure ALPN option. Valid values: http1-1, http2, all, none.
    untrustedCaname String
    Untrusted CA certificate used by SSL Inspection.
    useSslServer String
    Enable/disable the use of SSL server table for SSL offloading. Valid values: disable, enable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    whitelist String
    Enable/disable exempting servers by FortiGuard whitelist. Valid values: enable, disable.

    Supporting Types

    SslsshprofileDot, SslsshprofileDotArgs

    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    ProxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    Quic string
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    Status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    ProxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    Quic string
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    Status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    proxyAfterTcpHandshake String
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    quic String
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status String
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
    certValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    proxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    quic string
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    revokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    untrustedServerCert string
    Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
    cert_validation_failure str
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    cert_validation_timeout str
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    client_certificate str
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expired_server_cert str
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    proxy_after_tcp_handshake str
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    quic str
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    revoked_server_cert str
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sni_server_cert_check str
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status str
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupported_ssl_cipher str
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupported_ssl_negotiation str
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupported_ssl_version str
    Action based on the SSL version used being unsupported.
    untrusted_server_cert str
    Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    proxyAfterTcpHandshake String
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    quic String
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status String
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Action based on server certificate is not issued by a trusted CA. Valid values: allow, block, ignore.

    SslsshprofileEchOuterSni, SslsshprofileEchOuterSniArgs

    Name string
    ClientHelloOuter SNI name.
    Sni string
    ClientHelloOuter SNI to be blocked.
    Name string
    ClientHelloOuter SNI name.
    Sni string
    ClientHelloOuter SNI to be blocked.
    name String
    ClientHelloOuter SNI name.
    sni String
    ClientHelloOuter SNI to be blocked.
    name string
    ClientHelloOuter SNI name.
    sni string
    ClientHelloOuter SNI to be blocked.
    name str
    ClientHelloOuter SNI name.
    sni str
    ClientHelloOuter SNI to be blocked.
    name String
    ClientHelloOuter SNI name.
    sni String
    ClientHelloOuter SNI to be blocked.

    SslsshprofileFtps, SslsshprofileFtpsArgs

    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    InvalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    MinAllowedSslVersion string
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    Ports string
    Ports to use for scanning (1 - 65535, default = 443).
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    Status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    UnsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    InvalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    MinAllowedSslVersion string
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    Ports string
    Ports to use for scanning (1 - 65535, default = 443).
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    Status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    UnsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest String
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert String
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    minAllowedSslVersion String
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    ports String
    Ports to use for scanning (1 - 65535, default = 443).
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status String
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSsl String
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    minAllowedSslVersion string
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    ports string
    Ports to use for scanning (1 - 65535, default = 443).
    revokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    untrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    cert_validation_failure str
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    cert_validation_timeout str
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    client_cert_request str
    Action based on client certificate request. Valid values: bypass, inspect, block.
    client_certificate str
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expired_server_cert str
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalid_server_cert str
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    min_allowed_ssl_version str
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    ports str
    Ports to use for scanning (1 - 65535, default = 443).
    revoked_server_cert str
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sni_server_cert_check str
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status str
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupported_ssl str
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupported_ssl_cipher str
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupported_ssl_negotiation str
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupported_ssl_version str
    Action based on the SSL version used being unsupported.
    untrusted_server_cert str
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest String
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert String
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    minAllowedSslVersion String
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    ports String
    Ports to use for scanning (1 - 65535, default = 443).
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status String
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSsl String
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

    SslsshprofileHttps, SslsshprofileHttpsArgs

    CertProbeFailure string
    Action based on certificate probe failure. Valid values: allow, block.
    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    EncryptedClientHello string
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    InvalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    MinAllowedSslVersion string
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    Ports string
    Ports to use for scanning (1 - 65535, default = 443).
    ProxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    Quic string
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    Status string
    Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
    UnsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    CertProbeFailure string
    Action based on certificate probe failure. Valid values: allow, block.
    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    EncryptedClientHello string
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    InvalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    MinAllowedSslVersion string
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    Ports string
    Ports to use for scanning (1 - 65535, default = 443).
    ProxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    Quic string
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    Status string
    Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
    UnsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certProbeFailure String
    Action based on certificate probe failure. Valid values: allow, block.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest String
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    encryptedClientHello String
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert String
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    minAllowedSslVersion String
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    ports String
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake String
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    quic String
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status String
    Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
    unsupportedSsl String
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certProbeFailure string
    Action based on certificate probe failure. Valid values: allow, block.
    certValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    encryptedClientHello string
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    expiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    minAllowedSslVersion string
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    ports string
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    quic string
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    revokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status string
    Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
    unsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    untrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    cert_probe_failure str
    Action based on certificate probe failure. Valid values: allow, block.
    cert_validation_failure str
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    cert_validation_timeout str
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    client_cert_request str
    Action based on client certificate request. Valid values: bypass, inspect, block.
    client_certificate str
    Action based on received client certificate. Valid values: bypass, inspect, block.
    encrypted_client_hello str
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    expired_server_cert str
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalid_server_cert str
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    min_allowed_ssl_version str
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    ports str
    Ports to use for scanning (1 - 65535, default = 443).
    proxy_after_tcp_handshake str
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    quic str
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    revoked_server_cert str
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sni_server_cert_check str
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status str
    Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
    unsupported_ssl str
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupported_ssl_cipher str
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupported_ssl_negotiation str
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupported_ssl_version str
    Action based on the SSL version used being unsupported.
    untrusted_server_cert str
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certProbeFailure String
    Action based on certificate probe failure. Valid values: allow, block.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest String
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    encryptedClientHello String
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert String
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    minAllowedSslVersion String
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    ports String
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake String
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    quic String
    QUIC inspection status. On FortiOS versions 7.4.1: default = disable. On FortiOS versions >= 7.4.2: default = inspect.
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status String
    Configure protocol inspection status. Valid values: disable, certificate-inspection, deep-inspection.
    unsupportedSsl String
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

    SslsshprofileImaps, SslsshprofileImapsArgs

    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    InvalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    Ports string
    Ports to use for scanning (1 - 65535, default = 443).
    ProxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    Status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    UnsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    InvalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    Ports string
    Ports to use for scanning (1 - 65535, default = 443).
    ProxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    Status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    UnsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest String
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert String
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    ports String
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake String
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status String
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSsl String
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    ports string
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    revokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    untrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    cert_validation_failure str
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    cert_validation_timeout str
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    client_cert_request str
    Action based on client certificate request. Valid values: bypass, inspect, block.
    client_certificate str
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expired_server_cert str
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalid_server_cert str
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    ports str
    Ports to use for scanning (1 - 65535, default = 443).
    proxy_after_tcp_handshake str
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    revoked_server_cert str
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sni_server_cert_check str
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status str
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupported_ssl str
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupported_ssl_cipher str
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupported_ssl_negotiation str
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupported_ssl_version str
    Action based on the SSL version used being unsupported.
    untrusted_server_cert str
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest String
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert String
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    ports String
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake String
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status String
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSsl String
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

    SslsshprofilePop3s, SslsshprofilePop3sArgs

    SslsshprofileSmtps, SslsshprofileSmtpsArgs

    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    InvalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    Ports string
    Ports to use for scanning (1 - 65535, default = 443).
    ProxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    Status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    UnsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    InvalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    Ports string
    Ports to use for scanning (1 - 65535, default = 443).
    ProxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    Status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    UnsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest String
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert String
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    ports String
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake String
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status String
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSsl String
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    ports string
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    revokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    untrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    cert_validation_failure str
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    cert_validation_timeout str
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    client_cert_request str
    Action based on client certificate request. Valid values: bypass, inspect, block.
    client_certificate str
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expired_server_cert str
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalid_server_cert str
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    ports str
    Ports to use for scanning (1 - 65535, default = 443).
    proxy_after_tcp_handshake str
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    revoked_server_cert str
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sni_server_cert_check str
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status str
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupported_ssl str
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupported_ssl_cipher str
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupported_ssl_negotiation str
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupported_ssl_version str
    Action based on the SSL version used being unsupported.
    untrusted_server_cert str
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest String
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    invalidServerCert String
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    ports String
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake String
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    status String
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedSsl String
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

    SslsshprofileSsh, SslsshprofileSshArgs

    InspectAll string
    Level of SSL inspection. Valid values: disable, deep-inspection.
    Ports string
    Ports to use for scanning (1 - 65535, default = 443).
    ProxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    SshAlgorithm string
    Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
    SshPolicyCheck string
    Enable/disable SSH policy check. Valid values: disable, enable.
    SshTunPolicyCheck string
    Enable/disable SSH tunnel policy check. Valid values: disable, enable.
    Status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    UnsupportedVersion string
    Action based on SSH version being unsupported. Valid values: bypass, block.
    InspectAll string
    Level of SSL inspection. Valid values: disable, deep-inspection.
    Ports string
    Ports to use for scanning (1 - 65535, default = 443).
    ProxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    SshAlgorithm string
    Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
    SshPolicyCheck string
    Enable/disable SSH policy check. Valid values: disable, enable.
    SshTunPolicyCheck string
    Enable/disable SSH tunnel policy check. Valid values: disable, enable.
    Status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    UnsupportedVersion string
    Action based on SSH version being unsupported. Valid values: bypass, block.
    inspectAll String
    Level of SSL inspection. Valid values: disable, deep-inspection.
    ports String
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake String
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    sshAlgorithm String
    Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
    sshPolicyCheck String
    Enable/disable SSH policy check. Valid values: disable, enable.
    sshTunPolicyCheck String
    Enable/disable SSH tunnel policy check. Valid values: disable, enable.
    status String
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedVersion String
    Action based on SSH version being unsupported. Valid values: bypass, block.
    inspectAll string
    Level of SSL inspection. Valid values: disable, deep-inspection.
    ports string
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake string
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    sshAlgorithm string
    Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
    sshPolicyCheck string
    Enable/disable SSH policy check. Valid values: disable, enable.
    sshTunPolicyCheck string
    Enable/disable SSH tunnel policy check. Valid values: disable, enable.
    status string
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedVersion string
    Action based on SSH version being unsupported. Valid values: bypass, block.
    inspect_all str
    Level of SSL inspection. Valid values: disable, deep-inspection.
    ports str
    Ports to use for scanning (1 - 65535, default = 443).
    proxy_after_tcp_handshake str
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    ssh_algorithm str
    Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
    ssh_policy_check str
    Enable/disable SSH policy check. Valid values: disable, enable.
    ssh_tun_policy_check str
    Enable/disable SSH tunnel policy check. Valid values: disable, enable.
    status str
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupported_version str
    Action based on SSH version being unsupported. Valid values: bypass, block.
    inspectAll String
    Level of SSL inspection. Valid values: disable, deep-inspection.
    ports String
    Ports to use for scanning (1 - 65535, default = 443).
    proxyAfterTcpHandshake String
    Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: enable, disable.
    sshAlgorithm String
    Relative strength of encryption algorithms accepted during negotiation. Valid values: compatible, high-encryption.
    sshPolicyCheck String
    Enable/disable SSH policy check. Valid values: disable, enable.
    sshTunPolicyCheck String
    Enable/disable SSH tunnel policy check. Valid values: disable, enable.
    status String
    Configure protocol inspection status. Valid values: disable, deep-inspection.
    unsupportedVersion String
    Action based on SSH version being unsupported. Valid values: bypass, block.

    SslsshprofileSsl, SslsshprofileSslArgs

    CertProbeFailure string
    Action based on certificate probe failure. Valid values: allow, block.
    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    EncryptedClientHello string
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    InspectAll string
    Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
    InvalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    MinAllowedSslVersion string
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    UnsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    CertProbeFailure string
    Action based on certificate probe failure. Valid values: allow, block.
    CertValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    CertValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    ClientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    ClientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    EncryptedClientHello string
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    ExpiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    InspectAll string
    Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
    InvalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    MinAllowedSslVersion string
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    RevokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    SniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    UnsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    UnsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    UnsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    UnsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    UntrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certProbeFailure String
    Action based on certificate probe failure. Valid values: allow, block.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest String
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    encryptedClientHello String
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    inspectAll String
    Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
    invalidServerCert String
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    minAllowedSslVersion String
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    unsupportedSsl String
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certProbeFailure string
    Action based on certificate probe failure. Valid values: allow, block.
    certValidationFailure string
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout string
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest string
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate string
    Action based on received client certificate. Valid values: bypass, inspect, block.
    encryptedClientHello string
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    expiredServerCert string
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    inspectAll string
    Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
    invalidServerCert string
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    minAllowedSslVersion string
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    revokedServerCert string
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck string
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    unsupportedSsl string
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher string
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation string
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion string
    Action based on the SSL version used being unsupported.
    untrustedServerCert string
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    cert_probe_failure str
    Action based on certificate probe failure. Valid values: allow, block.
    cert_validation_failure str
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    cert_validation_timeout str
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    client_cert_request str
    Action based on client certificate request. Valid values: bypass, inspect, block.
    client_certificate str
    Action based on received client certificate. Valid values: bypass, inspect, block.
    encrypted_client_hello str
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    expired_server_cert str
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    inspect_all str
    Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
    invalid_server_cert str
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    min_allowed_ssl_version str
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    revoked_server_cert str
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sni_server_cert_check str
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    unsupported_ssl str
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupported_ssl_cipher str
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupported_ssl_negotiation str
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupported_ssl_version str
    Action based on the SSL version used being unsupported.
    untrusted_server_cert str
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.
    certProbeFailure String
    Action based on certificate probe failure. Valid values: allow, block.
    certValidationFailure String
    Action based on certificate validation failure. Valid values: allow, block, ignore.
    certValidationTimeout String
    Action based on certificate validation timeout. Valid values: allow, block, ignore.
    clientCertRequest String
    Action based on client certificate request. Valid values: bypass, inspect, block.
    clientCertificate String
    Action based on received client certificate. Valid values: bypass, inspect, block.
    encryptedClientHello String
    Block/allow session based on existence of encrypted-client-hello. Valid values: allow, block.
    expiredServerCert String
    Action based on server certificate is expired. Valid values: allow, block, ignore.
    inspectAll String
    Level of SSL inspection. Valid values: disable, certificate-inspection, deep-inspection.
    invalidServerCert String
    Allow or block the invalid SSL session server certificate. Valid values: allow, block.
    minAllowedSslVersion String
    Minimum SSL version to be allowed. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
    revokedServerCert String
    Action based on server certificate is revoked. Valid values: allow, block, ignore.
    sniServerCertCheck String
    Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: enable, strict, disable.
    unsupportedSsl String
    Action based on the SSL encryption used being unsupported. Valid values: bypass, inspect, block.
    unsupportedSslCipher String
    Action based on the SSL cipher used being unsupported. Valid values: allow, block.
    unsupportedSslNegotiation String
    Action based on the SSL negotiation used being unsupported. Valid values: allow, block.
    unsupportedSslVersion String
    Action based on the SSL version used being unsupported.
    untrustedServerCert String
    Allow, ignore, or block the untrusted SSL session server certificate. Valid values: allow, block, ignore.

    SslsshprofileSslExempt, SslsshprofileSslExemptArgs

    Address string
    IPv4 address object.
    Address6 string
    IPv6 address object.
    FortiguardCategory int
    FortiGuard category ID.
    Id int
    ID number.
    Regex string
    Exempt servers by regular expression.
    Type string
    Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
    WildcardFqdn string
    Exempt servers by wildcard FQDN.
    Address string
    IPv4 address object.
    Address6 string
    IPv6 address object.
    FortiguardCategory int
    FortiGuard category ID.
    Id int
    ID number.
    Regex string
    Exempt servers by regular expression.
    Type string
    Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
    WildcardFqdn string
    Exempt servers by wildcard FQDN.
    address String
    IPv4 address object.
    address6 String
    IPv6 address object.
    fortiguardCategory Integer
    FortiGuard category ID.
    id Integer
    ID number.
    regex String
    Exempt servers by regular expression.
    type String
    Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
    wildcardFqdn String
    Exempt servers by wildcard FQDN.
    address string
    IPv4 address object.
    address6 string
    IPv6 address object.
    fortiguardCategory number
    FortiGuard category ID.
    id number
    ID number.
    regex string
    Exempt servers by regular expression.
    type string
    Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
    wildcardFqdn string
    Exempt servers by wildcard FQDN.
    address str
    IPv4 address object.
    address6 str
    IPv6 address object.
    fortiguard_category int
    FortiGuard category ID.
    id int
    ID number.
    regex str
    Exempt servers by regular expression.
    type str
    Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
    wildcard_fqdn str
    Exempt servers by wildcard FQDN.
    address String
    IPv4 address object.
    address6 String
    IPv6 address object.
    fortiguardCategory Number
    FortiGuard category ID.
    id Number
    ID number.
    regex String
    Exempt servers by regular expression.
    type String
    Type of address object (IPv4 or IPv6) or FortiGuard category. Valid values: fortiguard-category, address, address6, wildcard-fqdn, regex.
    wildcardFqdn String
    Exempt servers by wildcard FQDN.

    SslsshprofileSslServer, SslsshprofileSslServerArgs

    FtpsClientCertRequest string
    Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
    FtpsClientCertificate string
    Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
    HttpsClientCertRequest string
    Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
    HttpsClientCertificate string
    Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
    Id int
    SSL server ID.
    ImapsClientCertRequest string
    Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
    ImapsClientCertificate string
    Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
    Ip string
    IPv4 address of the SSL server.
    Pop3sClientCertRequest string
    Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
    Pop3sClientCertificate string
    Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
    SmtpsClientCertRequest string
    Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
    SmtpsClientCertificate string
    Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
    SslOtherClientCertRequest string
    Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
    SslOtherClientCertificate string
    Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.
    FtpsClientCertRequest string
    Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
    FtpsClientCertificate string
    Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
    HttpsClientCertRequest string
    Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
    HttpsClientCertificate string
    Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
    Id int
    SSL server ID.
    ImapsClientCertRequest string
    Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
    ImapsClientCertificate string
    Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
    Ip string
    IPv4 address of the SSL server.
    Pop3sClientCertRequest string
    Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
    Pop3sClientCertificate string
    Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
    SmtpsClientCertRequest string
    Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
    SmtpsClientCertificate string
    Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
    SslOtherClientCertRequest string
    Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
    SslOtherClientCertificate string
    Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.
    ftpsClientCertRequest String
    Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
    ftpsClientCertificate String
    Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
    httpsClientCertRequest String
    Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
    httpsClientCertificate String
    Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
    id Integer
    SSL server ID.
    imapsClientCertRequest String
    Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
    imapsClientCertificate String
    Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
    ip String
    IPv4 address of the SSL server.
    pop3sClientCertRequest String
    Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
    pop3sClientCertificate String
    Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
    smtpsClientCertRequest String
    Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
    smtpsClientCertificate String
    Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
    sslOtherClientCertRequest String
    Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
    sslOtherClientCertificate String
    Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.
    ftpsClientCertRequest string
    Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
    ftpsClientCertificate string
    Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
    httpsClientCertRequest string
    Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
    httpsClientCertificate string
    Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
    id number
    SSL server ID.
    imapsClientCertRequest string
    Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
    imapsClientCertificate string
    Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
    ip string
    IPv4 address of the SSL server.
    pop3sClientCertRequest string
    Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
    pop3sClientCertificate string
    Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
    smtpsClientCertRequest string
    Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
    smtpsClientCertificate string
    Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
    sslOtherClientCertRequest string
    Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
    sslOtherClientCertificate string
    Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.
    ftps_client_cert_request str
    Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
    ftps_client_certificate str
    Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
    https_client_cert_request str
    Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
    https_client_certificate str
    Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
    id int
    SSL server ID.
    imaps_client_cert_request str
    Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
    imaps_client_certificate str
    Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
    ip str
    IPv4 address of the SSL server.
    pop3s_client_cert_request str
    Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
    pop3s_client_certificate str
    Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
    smtps_client_cert_request str
    Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
    smtps_client_certificate str
    Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
    ssl_other_client_cert_request str
    Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
    ssl_other_client_certificate str
    Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.
    ftpsClientCertRequest String
    Action based on client certificate request during the FTPS handshake. Valid values: bypass, inspect, block.
    ftpsClientCertificate String
    Action based on received client certificate during the FTPS handshake. Valid values: bypass, inspect, block.
    httpsClientCertRequest String
    Action based on client certificate request during the HTTPS handshake. Valid values: bypass, inspect, block.
    httpsClientCertificate String
    Action based on received client certificate during the HTTPS handshake. Valid values: bypass, inspect, block.
    id Number
    SSL server ID.
    imapsClientCertRequest String
    Action based on client certificate request during the IMAPS handshake. Valid values: bypass, inspect, block.
    imapsClientCertificate String
    Action based on received client certificate during the IMAPS handshake. Valid values: bypass, inspect, block.
    ip String
    IPv4 address of the SSL server.
    pop3sClientCertRequest String
    Action based on client certificate request during the POP3S handshake. Valid values: bypass, inspect, block.
    pop3sClientCertificate String
    Action based on received client certificate during the POP3S handshake. Valid values: bypass, inspect, block.
    smtpsClientCertRequest String
    Action based on client certificate request during the SMTPS handshake. Valid values: bypass, inspect, block.
    smtpsClientCertificate String
    Action based on received client certificate during the SMTPS handshake. Valid values: bypass, inspect, block.
    sslOtherClientCertRequest String
    Action based on client certificate request during an SSL protocol handshake. Valid values: bypass, inspect, block.
    sslOtherClientCertificate String
    Action based on received client certificate during an SSL protocol handshake. Valid values: bypass, inspect, block.

    Import

    Firewall SslSshProfile can be imported using any of these accepted formats:

    $ pulumi import fortios:firewall/sslsshprofile:Sslsshprofile labelname {{name}}
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:firewall/sslsshprofile:Sslsshprofile labelname {{name}}
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse