1. Packages
  2. Fortios
  3. API Docs
  4. firewall
  5. firewall/ssl
  6. Setting
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.firewall/ssl.Setting

Explore with Pulumi AI

fortios logo
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

    SSL proxy settings.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    const trname = new fortios.firewall.ssl.Setting("trname", {
        abbreviateHandshake: "enable",
        certCacheCapacity: 200,
        certCacheTimeout: 10,
        kxpQueueThreshold: 16,
        noMatchingCipherAction: "bypass",
        proxyConnectTimeout: 30,
        sessionCacheCapacity: 500,
        sessionCacheTimeout: 20,
        sslDhBits: "2048",
        sslQueueThreshold: 32,
        sslSendEmptyFrags: "enable",
    });
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    trname = fortios.firewall.ssl.Setting("trname",
        abbreviate_handshake="enable",
        cert_cache_capacity=200,
        cert_cache_timeout=10,
        kxp_queue_threshold=16,
        no_matching_cipher_action="bypass",
        proxy_connect_timeout=30,
        session_cache_capacity=500,
        session_cache_timeout=20,
        ssl_dh_bits="2048",
        ssl_queue_threshold=32,
        ssl_send_empty_frags="enable")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := firewall.NewSetting(ctx, "trname", &firewall.SettingArgs{
    			AbbreviateHandshake:    pulumi.String("enable"),
    			CertCacheCapacity:      pulumi.Int(200),
    			CertCacheTimeout:       pulumi.Int(10),
    			KxpQueueThreshold:      pulumi.Int(16),
    			NoMatchingCipherAction: pulumi.String("bypass"),
    			ProxyConnectTimeout:    pulumi.Int(30),
    			SessionCacheCapacity:   pulumi.Int(500),
    			SessionCacheTimeout:    pulumi.Int(20),
    			SslDhBits:              pulumi.String("2048"),
    			SslQueueThreshold:      pulumi.Int(32),
    			SslSendEmptyFrags:      pulumi.String("enable"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var trname = new Fortios.Firewall.Ssl.Setting("trname", new()
        {
            AbbreviateHandshake = "enable",
            CertCacheCapacity = 200,
            CertCacheTimeout = 10,
            KxpQueueThreshold = 16,
            NoMatchingCipherAction = "bypass",
            ProxyConnectTimeout = 30,
            SessionCacheCapacity = 500,
            SessionCacheTimeout = 20,
            SslDhBits = "2048",
            SslQueueThreshold = 32,
            SslSendEmptyFrags = "enable",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.firewall.Setting;
    import com.pulumi.fortios.firewall.SettingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var trname = new Setting("trname", SettingArgs.builder()
                .abbreviateHandshake("enable")
                .certCacheCapacity(200)
                .certCacheTimeout(10)
                .kxpQueueThreshold(16)
                .noMatchingCipherAction("bypass")
                .proxyConnectTimeout(30)
                .sessionCacheCapacity(500)
                .sessionCacheTimeout(20)
                .sslDhBits("2048")
                .sslQueueThreshold(32)
                .sslSendEmptyFrags("enable")
                .build());
    
        }
    }
    
    resources:
      trname:
        type: fortios:firewall/ssl:Setting
        properties:
          abbreviateHandshake: enable
          certCacheCapacity: 200
          certCacheTimeout: 10
          kxpQueueThreshold: 16
          noMatchingCipherAction: bypass
          proxyConnectTimeout: 30
          sessionCacheCapacity: 500
          sessionCacheTimeout: 20
          sslDhBits: '2048'
          sslQueueThreshold: 32
          sslSendEmptyFrags: enable
    

    Create Setting Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Setting(name: string, args: SettingArgs, opts?: CustomResourceOptions);
    @overload
    def Setting(resource_name: str,
                args: SettingArgs,
                opts: Optional[ResourceOptions] = None)
    
    @overload
    def Setting(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                cert_cache_capacity: Optional[int] = None,
                cert_cache_timeout: Optional[int] = None,
                no_matching_cipher_action: Optional[str] = None,
                proxy_connect_timeout: Optional[int] = None,
                session_cache_capacity: Optional[int] = None,
                session_cache_timeout: Optional[int] = None,
                ssl_dh_bits: Optional[str] = None,
                ssl_send_empty_frags: Optional[str] = None,
                abbreviate_handshake: Optional[str] = None,
                kxp_queue_threshold: Optional[int] = None,
                ssl_queue_threshold: Optional[int] = None,
                vdomparam: Optional[str] = None)
    func NewSetting(ctx *Context, name string, args SettingArgs, opts ...ResourceOption) (*Setting, error)
    public Setting(string name, SettingArgs args, CustomResourceOptions? opts = null)
    public Setting(String name, SettingArgs args)
    public Setting(String name, SettingArgs args, CustomResourceOptions options)
    
    type: fortios:firewall/ssl/setting:Setting
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SettingArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SettingArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SettingArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SettingArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SettingArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Setting Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Setting resource accepts the following input properties:

    CertCacheCapacity int
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    CertCacheTimeout int
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    NoMatchingCipherAction string
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    ProxyConnectTimeout int
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    SessionCacheCapacity int
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    SessionCacheTimeout int
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    SslDhBits string
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    AbbreviateHandshake string
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    KxpQueueThreshold int
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    SslQueueThreshold int
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    CertCacheCapacity int
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    CertCacheTimeout int
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    NoMatchingCipherAction string
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    ProxyConnectTimeout int
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    SessionCacheCapacity int
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    SessionCacheTimeout int
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    SslDhBits string
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    AbbreviateHandshake string
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    KxpQueueThreshold int
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    SslQueueThreshold int
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    certCacheCapacity Integer
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    certCacheTimeout Integer
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    noMatchingCipherAction String
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    proxyConnectTimeout Integer
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    sessionCacheCapacity Integer
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    sessionCacheTimeout Integer
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    sslDhBits String
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    abbreviateHandshake String
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    kxpQueueThreshold Integer
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    sslQueueThreshold Integer
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    certCacheCapacity number
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    certCacheTimeout number
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    noMatchingCipherAction string
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    proxyConnectTimeout number
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    sessionCacheCapacity number
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    sessionCacheTimeout number
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    sslDhBits string
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    sslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    abbreviateHandshake string
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    kxpQueueThreshold number
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    sslQueueThreshold number
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    cert_cache_capacity int
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    cert_cache_timeout int
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    no_matching_cipher_action str
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    proxy_connect_timeout int
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    session_cache_capacity int
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    session_cache_timeout int
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    ssl_dh_bits str
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    ssl_send_empty_frags str
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    abbreviate_handshake str
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    kxp_queue_threshold int
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    ssl_queue_threshold int
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    certCacheCapacity Number
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    certCacheTimeout Number
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    noMatchingCipherAction String
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    proxyConnectTimeout Number
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    sessionCacheCapacity Number
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    sessionCacheTimeout Number
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    sslDhBits String
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    abbreviateHandshake String
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    kxpQueueThreshold Number
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    sslQueueThreshold Number
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Setting resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Setting Resource

    Get an existing Setting resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SettingState, opts?: CustomResourceOptions): Setting
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            abbreviate_handshake: Optional[str] = None,
            cert_cache_capacity: Optional[int] = None,
            cert_cache_timeout: Optional[int] = None,
            kxp_queue_threshold: Optional[int] = None,
            no_matching_cipher_action: Optional[str] = None,
            proxy_connect_timeout: Optional[int] = None,
            session_cache_capacity: Optional[int] = None,
            session_cache_timeout: Optional[int] = None,
            ssl_dh_bits: Optional[str] = None,
            ssl_queue_threshold: Optional[int] = None,
            ssl_send_empty_frags: Optional[str] = None,
            vdomparam: Optional[str] = None) -> Setting
    func GetSetting(ctx *Context, name string, id IDInput, state *SettingState, opts ...ResourceOption) (*Setting, error)
    public static Setting Get(string name, Input<string> id, SettingState? state, CustomResourceOptions? opts = null)
    public static Setting get(String name, Output<String> id, SettingState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AbbreviateHandshake string
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    CertCacheCapacity int
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    CertCacheTimeout int
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    KxpQueueThreshold int
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    NoMatchingCipherAction string
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    ProxyConnectTimeout int
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    SessionCacheCapacity int
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    SessionCacheTimeout int
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    SslDhBits string
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    SslQueueThreshold int
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    AbbreviateHandshake string
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    CertCacheCapacity int
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    CertCacheTimeout int
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    KxpQueueThreshold int
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    NoMatchingCipherAction string
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    ProxyConnectTimeout int
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    SessionCacheCapacity int
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    SessionCacheTimeout int
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    SslDhBits string
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    SslQueueThreshold int
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    abbreviateHandshake String
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    certCacheCapacity Integer
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    certCacheTimeout Integer
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    kxpQueueThreshold Integer
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    noMatchingCipherAction String
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    proxyConnectTimeout Integer
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    sessionCacheCapacity Integer
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    sessionCacheTimeout Integer
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    sslDhBits String
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    sslQueueThreshold Integer
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    abbreviateHandshake string
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    certCacheCapacity number
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    certCacheTimeout number
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    kxpQueueThreshold number
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    noMatchingCipherAction string
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    proxyConnectTimeout number
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    sessionCacheCapacity number
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    sessionCacheTimeout number
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    sslDhBits string
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    sslQueueThreshold number
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    sslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    abbreviate_handshake str
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    cert_cache_capacity int
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    cert_cache_timeout int
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    kxp_queue_threshold int
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    no_matching_cipher_action str
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    proxy_connect_timeout int
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    session_cache_capacity int
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    session_cache_timeout int
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    ssl_dh_bits str
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    ssl_queue_threshold int
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    ssl_send_empty_frags str
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    abbreviateHandshake String
    Enable/disable use of SSL abbreviated handshake. Valid values: enable, disable.
    certCacheCapacity Number
    Maximum capacity of the host certificate cache (0 - 500, default = 200).
    certCacheTimeout Number
    Time limit to keep certificate cache (1 - 120 min, default = 10).
    kxpQueueThreshold Number
    Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
    noMatchingCipherAction String
    Bypass or drop the connection when no matching cipher is found. Valid values: bypass, drop.
    proxyConnectTimeout Number
    Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
    sessionCacheCapacity Number
    Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
    sessionCacheTimeout Number
    Time limit to keep SSL session state (1 - 60 min, default = 20).
    sslDhBits String
    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: 768, 1024, 1536, 2048.
    sslQueueThreshold Number
    Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

    Import

    FirewallSsl Setting can be imported using any of these accepted formats:

    $ pulumi import fortios:firewall/ssl/setting:Setting labelname FirewallSslSetting
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:firewall/ssl/setting:Setting labelname FirewallSslSetting
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse