editIkevTwoProposal
The editIkevTwoProposal operation handles configuration related to IkevTwoProposal model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
| Parameter | Required | Type | Description | ||
|---|---|---|---|---|---|
| version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected. | ||
| name | True | string | The name of the object, up to 64 characters. | ||
| encryptionTypes | False | [object] | A list of enum values that specifies the Encapsulating Security Protocol (ESP) encryption algorithm for this proposal. Specify all algorithms that you want to allow. The system negotiates with the peer, starting from the strongest to the weakest algorithm, until a match is agreed upon. Possible values are, in order of strength: NULL - A null encryption algorithm provides authentication without encryption. This is typically used for testing purposes only. DES - Data Encryption Standard, which encrypts using 56-bit keys, is a symmetric secret-key block algorithm. THREE_DES - Triple DES, which encrypts three times using 56-bit keys. AES - Advanced Encryption Standard is a symmetric cipher algorithm. AES uses 128-bit keys. AES192 - An Advanced Encryption Standard algorithm that uses 192-bit keys. AES256 - An Advanced Encryption Standard algorithm that uses 256-bit keys. AES_GCM - Advanced Encryption Standard in Galois/Counter Mode is a block cipher mode of operation providing confidentiality and data-origin authentication. AES_GCM uses 128-bit keys. AES_GCM192 - An Advanced Encryption Standard in Galois/Counter Mode that uses 192-bit keys. AES_GCM256 - An Advanced Encryption Standard in Galois/Counter Mode that uses 256-bit keys. AES_GMAC - Advanced Encryption Standard Galois Message Authentication Code is a block cipher mode of operation providing only data-origin authentication. AES_GMAC uses 128-bit keys. AES_GMAC192 - An Advanced Encryption Standard Galois Message Authentication Code that uses 192-bit keys. AES_GMAC256 - An Advanced Encryption Standard Galois Message Authentication Code that uses 256-bit keys. |
||
| integrityTypes | False | [object] | A list of enum values that specifies the hash or integrity algorithm to use for authentication. Select all algorithms that you want to allow. The system negotiates with the peer, starting from the strongest to the weakest algorithm, until a match is agreed upon. The integrity hash is not used with the AES-GCM/GMAC encryption options. Possible values are:NULL - A null hash algorithm. This is typically used for testing purposes only. However, you should choose the null integrity algorithm if you select one of the AES-GCM/GMAC options as the encryption algorithm. Even if you choose a non-null option, the integrity hash is ignored for these encryption standards. MD5 - The Message Digest 5 algorithm, which produces a 128-bit digest. SHA1 - The Secure Hash Algorithm, which produces a 160-bit digest. SHA256 - The Secure Hash Algorithm SHA 2 with a 256-bit digest. SHA384 - The Secure Hash Algorithm SHA 2 with a 384-bit digest. SHA512 - The Secure Hash Algorithm SHA 2 with a 512-bit digest. |
||
| summaryLabel | False | string | A system-provided string that describes the IKE proposal. | ||
| cryptoRestricted | False | boolean | A system-provided Boolean value, TRUE or FALSE. The TRUE value indicates that the proposal uses strong cryptography, which is controlled by export regulations. A device must be registered export-controlled functionality to use a strong encryption proposal. | ||
| defaultAssignable | False | boolean | A system-provided Boolean value, TRUE or FALSE. The TRUE value indicates that the proposal is part of the default set of proposals. The default set differs based on whether the device is registered for export-controlled functionality | ||
| id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
||
| isSystemDefined | False | boolean | A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that the system created the object. FALSE indicates that the object is user-defined. | ||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | ||
Path Parameters
| Parameter | Required | Type | Description | ||
|---|---|---|---|---|---|
| objId | True | string | |||
Example
- name: Execute 'editIkevTwoProposal' operation
ftd_configuration:
operation: "editIkevTwoProposal"
data:
version: "{{ version }}"
name: "{{ name }}"
encryptionTypes: "{{ encryption_types }}"
integrityTypes: "{{ integrity_types }}"
summaryLabel: "{{ summary_label }}"
cryptoRestricted: "{{ crypto_restricted }}"
defaultAssignable: "{{ default_assignable }}"
id: "{{ id }}"
isSystemDefined: "{{ is_system_defined }}"
type: "{{ type }}"
path_params:
objId: "{{ obj_id }}"