editSSLPolicy
The editSSLPolicy operation handles configuration related to SSLPolicy model.
Data Parameters
| Parameter | Required | Type | Description | ||
|---|---|---|---|---|---|
| version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected. | ||
| name | False | string | A string containing the name of the object Field level constraints: cannot be null, must match pattern (^[a-zA-Z0-9]$)|(^[a-zA-Z0-9][ a-zA-Z0-9.+-]*[a-zA-Z0-9.+-]$), cannot have HTML. (Note: Additional constraints might exist) |
||
| sslRules | False | [object] | An optional ordered list of SSLRule objects. Connections are matched against the rules in the order you specify until all relevant match criteria are satisfied, then the rule action is applied to the connection. If this list is empty, or a connection matches no SSL rule, the default action is applied to the connection. Allowed types are: [SSLRule] |
||
| undecryptableActions | False | object | A mandatory SSLUndecryptableActions object that defines the action to take for a connection when a decryption error occurs. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
||
| decryptionCACertificate | False | object | A manadatory InternalCACertificate object that identifies the internal CA certificate to use for decrypt resign rules. Allowed types are: [InternalCACertificate] |
||
| internalCertificates | False | [object] | A list of InternalCertificate objects for use with decrypt known-key rules. For every decrypt known-key rule, you must identify the internal certificate that is required to decrypt traffic to the destination server. If you have no decrypt known-key rules, you can leave this list empty. Allowed types are: [InternalCACertificate, InternalCertificate] |
||
| defaultAction | False | object | A mandatory SSLPolicyDefaultAction object that defines the action to take for traffic that does not match any specific SSL decryption rules. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
||
| id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$, cannot have HTML. (Note: Additional constraints might exist) |
||
| type | False | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | ||
Path Parameters
| Parameter | Required | Type | Description | ||
|---|---|---|---|---|---|
| objId | True | string | |||
Example
- name: Execute 'editSSLPolicy' operation
ftd_configuration:
operation: "editSSLPolicy"
data:
version: "{{ version }}"
name: "{{ name }}"
sslRules: "{{ ssl_rules }}"
undecryptableActions: "{{ undecryptable_actions }}"
decryptionCACertificate: "{{ decryption_ca_certificate }}"
internalCertificates: "{{ internal_certificates }}"
defaultAction: "{{ default_action }}"
id: "{{ id }}"
type: "{{ type }}"
path_params:
objId: "{{ obj_id }}"