| source: | fortios_firewall_ssl_ssh_profile.py |
|---|---|
| orphan: |
fortios_firewall_ssl_ssh_profile -- Configure SSL/SSH protocol options in Fortinet's FortiOS and FortiGate.
.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ssl_ssh_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.9
Using member operation to add an element to an existing object.
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.0.12 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
v7.2.4 |
v7.4.0 |
|
| fortios_firewall_ssl_ssh_profile | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- firewall_ssl_ssh_profile - Configure SSL/SSH protocol options. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0firewall_ssl_ssh_profile yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - allowlist - Enable/disable exempting servers by FortiGuard allowlist. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0allowlist no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - block_blacklisted_certificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4block_blacklisted_certificates no no no yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes - block_blocklisted_certificates - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blocklist. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0block_blocklisted_certificates no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - caname - CA certificate used by SSL Inspection. Source vpn.certificate.local.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0caname yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - comment - Optional comments. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0comment yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dot - Configure DNS over TLS options. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dot no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_failure yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0client_certificate yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0expired_server_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_after_tcp_handshake yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0revoked_server_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0sni_server_cert_check yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [strict] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Configure protocol inspection status. type: str choices: disable, deep-inspection
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0status yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deep-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_cipher yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_negotiation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_version no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a yes yes yes n/a n/a n/a n/a n/a no n/a n/a n/a n/a n/a - untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore
more...
v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0untrusted_server_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ftps - Configure FTPS options. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ftps yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11allow_invalid_server_cert yes yes yes [enable] yes yes yes [disable] yes yes yes - cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_failure no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_timeout no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0expired_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7invalid_server_cert no no no yes yes yes yes [allow] n/a n/a n/a yes yes yes yes [block] n/a n/a n/a yes yes yes yes - min_allowed_ssl_version - Minimum SSL version to be allowed. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0min_allowed_ssl_version no no no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes [ssl-3.0] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes - ports - Ports to use for scanning (1 - 65535). type: list
- revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0revoked_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0sni_server_cert_check no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [strict] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Configure protocol inspection status. type: str choices: disable, deep-inspection
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0status yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deep-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7unsupported_ssl yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_cipher no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_negotiation no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_version no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes n/a n/a n/a n/a n/a no n/a n/a n/a n/a n/a - untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11untrusted_cert yes yes yes [allow] yes yes yes [block] yes yes yes [ignore] yes yes yes - untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0untrusted_server_cert no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - https - Configure HTTPS options. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0https yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11allow_invalid_server_cert yes yes yes [enable] yes yes yes [disable] yes yes yes - cert_probe_failure - Action based on certificate probe failure. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_probe_failure no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_failure no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_timeout no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0expired_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7invalid_server_cert no no no yes yes yes yes [allow] n/a n/a n/a yes yes yes yes [block] n/a n/a n/a yes yes yes yes - min_allowed_ssl_version - Minimum SSL version to be allowed. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0min_allowed_ssl_version no no no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes [ssl-3.0] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes - ports - Ports to use for scanning (1 - 65535). type: list
- proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_after_tcp_handshake no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0revoked_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0sni_server_cert_check no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [strict] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Configure protocol inspection status. type: str choices: disable, certificate-inspection, deep-inspection
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0status yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [certificate-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deep-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7unsupported_ssl yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_cipher no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_negotiation no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_version no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes n/a n/a n/a n/a n/a no n/a n/a n/a n/a n/a - untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11untrusted_cert yes yes yes [allow] yes yes yes [block] yes yes yes [ignore] yes yes yes - untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0untrusted_server_cert no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - imaps - Configure IMAPS options. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0imaps yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11allow_invalid_server_cert yes yes yes [enable] yes yes yes [disable] yes yes yes - cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_failure no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_timeout no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0expired_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7invalid_server_cert no no no yes yes yes yes [allow] n/a n/a n/a yes yes yes yes [block] n/a n/a n/a yes yes yes yes - ports - Ports to use for scanning (1 - 65535). type: list
- proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_after_tcp_handshake no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0revoked_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0sni_server_cert_check no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [strict] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Configure protocol inspection status. type: str choices: disable, deep-inspection
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0status yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deep-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7unsupported_ssl yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_cipher no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_negotiation no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_version no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes n/a n/a n/a n/a n/a no n/a n/a n/a n/a n/a - untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11untrusted_cert yes yes yes [allow] yes yes yes [block] yes yes yes [ignore] yes yes yes - untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0untrusted_server_cert no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mapi_over_https - Enable/disable inspection of MAPI over HTTPS. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0mapi_over_https yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Name. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - pop3s - Configure POP3S options. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0pop3s yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11allow_invalid_server_cert yes yes yes [enable] yes yes yes [disable] yes yes yes - cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_failure no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_timeout no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0expired_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7invalid_server_cert no no no yes yes yes yes [allow] n/a n/a n/a yes yes yes yes [block] n/a n/a n/a yes yes yes yes - ports - Ports to use for scanning (1 - 65535). type: list
- proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_after_tcp_handshake no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0revoked_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0sni_server_cert_check no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [strict] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Configure protocol inspection status. type: str choices: disable, deep-inspection
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0status yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deep-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7unsupported_ssl yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_cipher no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_negotiation no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_version no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes n/a n/a n/a n/a n/a no n/a n/a n/a n/a n/a - untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11untrusted_cert yes yes yes [allow] yes yes yes [block] yes yes yes [ignore] yes yes yes - untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0untrusted_server_cert no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - rpc_over_https - Enable/disable inspection of RPC over HTTPS. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0rpc_over_https yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - server_cert - Certificate used by SSL Inspection to replace server certificate. Source vpn.certificate.local.name. type: list member_path: server_cert:name
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0server_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Certificate list. Source vpn.certificate.local.name. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0name no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - server_cert_mode - Re-sign or replace the server"s certificate. type: str choices: re-sign, replace
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0server_cert_mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [re-sign] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [replace] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - smtps - Configure SMTPS options. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0smtps yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11allow_invalid_server_cert yes yes yes [enable] yes yes yes [disable] yes yes yes - cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_failure no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_timeout no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0expired_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7invalid_server_cert no no no yes yes yes yes [allow] n/a n/a n/a yes yes yes yes [block] n/a n/a n/a yes yes yes yes - ports - Ports to use for scanning (1 - 65535). type: list
- proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_after_tcp_handshake no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0revoked_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0sni_server_cert_check no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [strict] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Configure protocol inspection status. type: str choices: disable, deep-inspection
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0status yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deep-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7unsupported_ssl yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_cipher no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_negotiation no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_version no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes n/a n/a n/a n/a n/a no n/a n/a n/a n/a n/a - untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11untrusted_cert yes yes yes [allow] yes yes yes [block] yes yes yes [ignore] yes yes yes - untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0untrusted_server_cert no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh - Configure SSH options. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssh yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - inspect_all - Level of SSL inspection. type: str choices: disable, deep-inspection
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0inspect_all yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deep-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ports - Ports to use for scanning (1 - 65535). type: list
- proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_after_tcp_handshake no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_algorithm - Relative strength of encryption algorithms accepted during negotiation. type: str choices: compatible, high-encryption
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssh_algorithm yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [compatible] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [high-encryption] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_policy_check - Enable/disable SSH policy check. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11ssh_policy_check yes yes yes [disable] yes yes yes [enable] yes yes yes - ssh_tun_policy_check - Enable/disable SSH tunnel policy check. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssh_tun_policy_check yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - status - Configure protocol inspection status. type: str choices: disable, deep-inspection
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0status yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deep-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_version - Action based on SSH version being unsupported. type: str choices: bypass, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl - Configure SSL options. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11allow_invalid_server_cert yes yes yes [enable] yes yes yes [disable] yes yes yes - cert_probe_failure - Action based on certificate probe failure. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_probe_failure no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_validation_failure - Action based on certificate validation failure. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_failure no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_validation_timeout - Action based on certificate validation timeout. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_validation_timeout no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - client_certificate - Action based on received client certificate. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - expired_server_cert - Action based on server certificate is expired. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0expired_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - inspect_all - Level of SSL inspection. type: str choices: disable, certificate-inspection, deep-inspection
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0inspect_all yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [certificate-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [deep-inspection] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - invalid_server_cert - Allow or block the invalid SSL session server certificate. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7invalid_server_cert no no no yes yes yes yes [allow] n/a n/a n/a yes yes yes yes [block] n/a n/a n/a yes yes yes yes - min_allowed_ssl_version - Minimum SSL version to be allowed. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0min_allowed_ssl_version no no no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes [ssl-3.0] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.0] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.2] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [tls-1.3] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes - revoked_server_cert - Action based on server certificate is revoked. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0revoked_server_cert no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sni_server_cert_check - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. type: str choices: enable, strict, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0sni_server_cert_check no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [strict] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7unsupported_ssl yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - unsupported_ssl_cipher - Action based on the SSL cipher used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_cipher no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_negotiation - Action based on the SSL negotiation used being unsupported. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_negotiation no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unsupported_ssl_version - Action based on the SSL version used being unsupported. type: str choices: allow, block, inspect
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unsupported_ssl_version no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes n/a n/a n/a n/a n/a no n/a n/a n/a n/a n/a - untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11untrusted_cert yes yes yes [allow] yes yes yes [block] yes yes yes [ignore] yes yes yes - untrusted_server_cert - Action based on server certificate is not issued by a trusted CA. type: str choices: allow, block, ignore
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0untrusted_server_cert no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ignore] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_anomalies_log - Enable/disable logging SSL anomalies. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1ssl_anomalies_log yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes - ssl_anomaly_log - Enable/disable logging of SSL anomalies. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_anomaly_log no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_exempt - Servers to exempt from SSL inspection. type: list member_path: ssl_exempt:id
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_exempt yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - address - IPv4 address object. Source firewall.address.name firewall.addrgrp.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0address yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - address6 - IPv6 address object. Source firewall.address6.name firewall.addrgrp6.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0address6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fortiguard_category - FortiGuard category ID. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fortiguard_category yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - ID number. type: int required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - regex - Exempt servers by regular expression. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0regex yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - type - Type of address object (IPv4 or IPv6) or FortiGuard category. type: str choices: fortiguard-category, address, address6, wildcard-fqdn, regex
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [fortiguard-category] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [address] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [address6] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [wildcard-fqdn] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [regex] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wildcard_fqdn - Exempt servers by wildcard FQDN. Source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wildcard_fqdn yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_exemption_ip_rating - Enable/disable IP based URL rating. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_exemption_ip_rating no no no no no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes - ssl_exemption_log - Enable/disable logging of SSL exemptions. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_exemption_log no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_exemptions_log - Enable/disable logging SSL exemptions. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1ssl_exemptions_log yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes - ssl_handshake_log - Enable/disable logging of TLS handshakes. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_handshake_log no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_negotiation_log - Enable/disable logging of SSL negotiation events. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_negotiation_log no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_server - SSL server settings used for client certificate request. type: list member_path: ssl_server:id
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_server yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ftps_client_cert_request - Action based on client certificate request during the FTPS handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7ftps_client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - ftps_client_certificate - Action based on received client certificate during the FTPS handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ftps_client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - https_client_cert_request - Action based on client certificate request during the HTTPS handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7https_client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - https_client_certificate - Action based on received client certificate during the HTTPS handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0https_client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - SSL server ID. type: int required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - imaps_client_cert_request - Action based on client certificate request during the IMAPS handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7imaps_client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - imaps_client_certificate - Action based on received client certificate during the IMAPS handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0imaps_client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip - IPv4 address of the SSL server. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - pop3s_client_cert_request - Action based on client certificate request during the POP3S handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7pop3s_client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - pop3s_client_certificate - Action based on received client certificate during the POP3S handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0pop3s_client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - smtps_client_cert_request - Action based on client certificate request during the SMTPS handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7smtps_client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - smtps_client_certificate - Action based on received client certificate during the SMTPS handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0smtps_client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_other_client_cert_request - Action based on client certificate request during an SSL protocol handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7ssl_other_client_cert_request yes yes yes yes yes yes yes [bypass] yes yes yes yes yes yes yes [inspect] yes yes yes yes yes yes yes [block] yes yes yes yes yes yes yes - ssl_other_client_certificate - Action based on received client certificate during an SSL protocol handshake. type: str choices: bypass, inspect, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_other_client_certificate no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [bypass] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [inspect] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_server_cert_log - Enable/disable logging of server certificate information. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_server_cert_log no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - supported_alpn - Configure ALPN option. type: str choices: http1-1, http2, all, none
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0supported_alpn no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http1-1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [http2] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [all] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [none] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - untrusted_caname - Untrusted CA certificate used by SSL Inspection. Source vpn.certificate.local.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0untrusted_caname yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - use_ssl_server - Enable/disable the use of SSL server table for SSL offloading. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0use_ssl_server yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - whitelist - Enable/disable exempting servers by FortiGuard whitelist. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4whitelist yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure SSL/SSH protocol options.
fortios_firewall_ssl_ssh_profile:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
firewall_ssl_ssh_profile:
allowlist: "enable"
block_blacklisted_certificates: "disable"
block_blocklisted_certificates: "disable"
caname: "<your_own_value> (source vpn.certificate.local.name)"
comment: "Optional comments."
dot:
cert_validation_failure: "allow"
cert_validation_timeout: "allow"
client_certificate: "bypass"
expired_server_cert: "allow"
proxy_after_tcp_handshake: "enable"
revoked_server_cert: "allow"
sni_server_cert_check: "enable"
status: "disable"
unsupported_ssl_cipher: "allow"
unsupported_ssl_negotiation: "allow"
unsupported_ssl_version: "allow"
untrusted_server_cert: "allow"
ftps:
allow_invalid_server_cert: "enable"
cert_validation_failure: "allow"
cert_validation_timeout: "allow"
client_cert_request: "bypass"
client_certificate: "bypass"
expired_server_cert: "allow"
invalid_server_cert: "allow"
min_allowed_ssl_version: "ssl-3.0"
ports: "<your_own_value>"
revoked_server_cert: "allow"
sni_server_cert_check: "enable"
status: "disable"
unsupported_ssl: "bypass"
unsupported_ssl_cipher: "allow"
unsupported_ssl_negotiation: "allow"
unsupported_ssl_version: "allow"
untrusted_cert: "allow"
untrusted_server_cert: "allow"
https:
allow_invalid_server_cert: "enable"
cert_probe_failure: "allow"
cert_validation_failure: "allow"
cert_validation_timeout: "allow"
client_cert_request: "bypass"
client_certificate: "bypass"
expired_server_cert: "allow"
invalid_server_cert: "allow"
min_allowed_ssl_version: "ssl-3.0"
ports: "<your_own_value>"
proxy_after_tcp_handshake: "enable"
revoked_server_cert: "allow"
sni_server_cert_check: "enable"
status: "disable"
unsupported_ssl: "bypass"
unsupported_ssl_cipher: "allow"
unsupported_ssl_negotiation: "allow"
unsupported_ssl_version: "allow"
untrusted_cert: "allow"
untrusted_server_cert: "allow"
imaps:
allow_invalid_server_cert: "enable"
cert_validation_failure: "allow"
cert_validation_timeout: "allow"
client_cert_request: "bypass"
client_certificate: "bypass"
expired_server_cert: "allow"
invalid_server_cert: "allow"
ports: "<your_own_value>"
proxy_after_tcp_handshake: "enable"
revoked_server_cert: "allow"
sni_server_cert_check: "enable"
status: "disable"
unsupported_ssl: "bypass"
unsupported_ssl_cipher: "allow"
unsupported_ssl_negotiation: "allow"
unsupported_ssl_version: "allow"
untrusted_cert: "allow"
untrusted_server_cert: "allow"
mapi_over_https: "enable"
name: "default_name_81"
pop3s:
allow_invalid_server_cert: "enable"
cert_validation_failure: "allow"
cert_validation_timeout: "allow"
client_cert_request: "bypass"
client_certificate: "bypass"
expired_server_cert: "allow"
invalid_server_cert: "allow"
ports: "<your_own_value>"
proxy_after_tcp_handshake: "enable"
revoked_server_cert: "allow"
sni_server_cert_check: "enable"
status: "disable"
unsupported_ssl: "bypass"
unsupported_ssl_cipher: "allow"
unsupported_ssl_negotiation: "allow"
unsupported_ssl_version: "allow"
untrusted_cert: "allow"
untrusted_server_cert: "allow"
rpc_over_https: "enable"
server_cert:
-
name: "default_name_103 (source vpn.certificate.local.name)"
server_cert_mode: "re-sign"
smtps:
allow_invalid_server_cert: "enable"
cert_validation_failure: "allow"
cert_validation_timeout: "allow"
client_cert_request: "bypass"
client_certificate: "bypass"
expired_server_cert: "allow"
invalid_server_cert: "allow"
ports: "<your_own_value>"
proxy_after_tcp_handshake: "enable"
revoked_server_cert: "allow"
sni_server_cert_check: "enable"
status: "disable"
unsupported_ssl: "bypass"
unsupported_ssl_cipher: "allow"
unsupported_ssl_negotiation: "allow"
unsupported_ssl_version: "allow"
untrusted_cert: "allow"
untrusted_server_cert: "allow"
ssh:
inspect_all: "disable"
ports: "<your_own_value>"
proxy_after_tcp_handshake: "enable"
ssh_algorithm: "compatible"
ssh_policy_check: "disable"
ssh_tun_policy_check: "disable"
status: "disable"
unsupported_version: "bypass"
ssl:
allow_invalid_server_cert: "enable"
cert_probe_failure: "allow"
cert_validation_failure: "allow"
cert_validation_timeout: "allow"
client_cert_request: "bypass"
client_certificate: "bypass"
expired_server_cert: "allow"
inspect_all: "disable"
invalid_server_cert: "allow"
min_allowed_ssl_version: "ssl-3.0"
revoked_server_cert: "allow"
sni_server_cert_check: "enable"
unsupported_ssl: "bypass"
unsupported_ssl_cipher: "allow"
unsupported_ssl_negotiation: "allow"
unsupported_ssl_version: "allow"
untrusted_cert: "allow"
untrusted_server_cert: "allow"
ssl_anomalies_log: "disable"
ssl_anomaly_log: "disable"
ssl_exempt:
-
address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
address6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
fortiguard_category: "0"
id: "158"
regex: "<your_own_value>"
type: "fortiguard-category"
wildcard_fqdn: "<your_own_value> (source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name)"
ssl_exemption_ip_rating: "enable"
ssl_exemption_log: "disable"
ssl_exemptions_log: "disable"
ssl_handshake_log: "disable"
ssl_negotiation_log: "disable"
ssl_server:
-
ftps_client_cert_request: "bypass"
ftps_client_certificate: "bypass"
https_client_cert_request: "bypass"
https_client_certificate: "bypass"
id: "172"
imaps_client_cert_request: "bypass"
imaps_client_certificate: "bypass"
ip: "<your_own_value>"
pop3s_client_cert_request: "bypass"
pop3s_client_certificate: "bypass"
smtps_client_cert_request: "bypass"
smtps_client_certificate: "bypass"
ssl_other_client_cert_request: "bypass"
ssl_other_client_certificate: "bypass"
ssl_server_cert_log: "disable"
supported_alpn: "http1-1"
untrusted_caname: "<your_own_value> (source vpn.certificate.local.name)"
use_ssl_server: "disable"
whitelist: "enable"
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can create a pull request to improve it.