upsertIkevOneProposal
The upsertIkevOneProposal operation handles configuration related to the IkevOneProposal model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
Parameter | Required | Type | Description
---|---|---|---
version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected.
name | True | string | The name of the object, up to 64 characters.
encryptionMethod | True | string | An enum value that specifies the Encapsulating Security Protocol (ESP) encryption algorithm for this proposal. Possible values are, in order of strength: ESP_NULL - A null encryption algorithm provides authentication without encryption. This is typically used for testing purposes only. ESP_DES - Data Encryption Standard, which encrypts using 56-bit keys, is a symmetric secret-key block algorithm. ESP_THREE_DES - Triple DES, which encrypts three times using 56-bit keys. ESP_AES - Advanced Encryption Standard is a symmetric cipher algorithm. AES uses 128-bit keys. ESP_AES192 - An Advanced Encryption Standard algorithm that uses 192-bit keys. ESP_AES256 - An Advanced Encryption Standard algorithm that uses 256-bit keys. Field level constraints: cannot be null. (Note: Additional constraints might exist)
authenticationMethod | True | string | An enum value that specifies the hash or integrity algorithm to use for authentication. Possible values are: ESP_NONE - A null hash algorithm. This is typically used for testing purposes only. ESP_MD5_HMAC - The Message Digest 5 algorithm, which produces a 128-bit digest. ESP_SHA_HMAC - The Secure Hash Algorithm, which produces a 160-bit digest. Field level constraints: cannot be null. (Note: Additional constraints might exist)
mode | True | string | An enum value that specifies the mode in which the IPSec tunnel operates. Possible values are: TUNNEL (the default) - Tunnel mode encapsulates the entire IP packet. The IPSec header is added between the original IP header and a new IP header. Use tunnel mode when the firewall is protecting traffic to and from hosts positioned behind the firewall. Tunnel mode is the normal way regular IPSec is implemented between two firewalls (or other security gateways) that are connected over an untrusted network, such as the Internet. TRANSPORT - Transport mode encapsulates only the upper-layer protocols of an IP packet. The IPSec header is inserted between the IP header and the upper-layer protocol header (such as TCP). Transport mode requires that both the source and destination hosts support IPSec, and can only be used when the destination peer of the tunnel is the final destination of the IP packet. Transport mode is generally used only when protecting a Layer 2 or Layer 3 tunneling protocol such as GRE, L2TP, and DLSW. Field level constraints: cannot be null. (Note: Additional constraints might exist)
summaryLabel | False | string | A system-provided string that describes the IKE proposal.
cryptoRestricted | False | boolean | A system-provided Boolean value, TRUE or FALSE. The TRUE value indicates that the proposal uses strong cryptography, which is controlled by export regulations. A device must be registered for export-controlled functionality to use a strong encryption proposal.
defaultAssignable | False | boolean | A system-provided Boolean value, TRUE or FALSE. The TRUE value indicates that the proposal is part of the default set of proposals. The default set differs based on whether the device is registered for export-controlled functionality.
id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
isSystemDefined | False | boolean | A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that the system created the object. FALSE indicates that the object is user-defined.
type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.
Query Parameters
Parameter | Required | Type | Description
---|---|---|---
filter | False | string | The criteria used to filter the models you are requesting. It should have the following format: {key}{operator}{value}[;{key}{operator}{value}]. Supported operators are: "!"(not equals), ":"(equals), "~"(similar). Supported keys are: "name", "fts". The "fts" filter cannot be used with other filters. Default filtering for Upsert operation is done by name.
Example
```yaml
- name: Execute 'upsertIkevOneProposal' operation
  ftd_configuration:
    operation: "upsertIkevOneProposal"
    data:
      # version and id identify an existing object when it is being modified
      version: "{{ version }}"
      name: "{{ name }}"
      encryptionMethod: "{{ encryption_method }}"
      authenticationMethod: "{{ authentication_method }}"
      mode: "{{ mode }}"
      summaryLabel: "{{ summary_label }}"
      cryptoRestricted: "{{ crypto_restricted }}"
      defaultAssignable: "{{ default_assignable }}"
      id: "{{ id }}"
      isSystemDefined: "{{ is_system_defined }}"
      type: "{{ type }}"
    # filter selects the existing object to update; by default upsert matches on name
    query_params:
      filter: "{{ filter }}"
```
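A pre-flight check for the `data` and `filter` values, written against the constraints in the two parameter tables above. This is an added example, not code from the module or its documentation: the function names, the `DENYLIST` policy (which enum values to refuse) and the `SAMPLE` values are assumptions made for illustration.

```python
import re

# Enum values and field constraints copied from the parameter tables above.
ENCRYPTION = ["ESP_NULL", "ESP_DES", "ESP_THREE_DES", "ESP_AES", "ESP_AES192", "ESP_AES256"]
AUTHENTICATION = ["ESP_NONE", "ESP_MD5_HMAC", "ESP_SHA_HMAC"]
MODES = ["TUNNEL", "TRANSPORT"]
REQUIRED = ["name", "encryptionMethod", "authenticationMethod", "mode", "type"]
ID_PATTERN = re.compile(r"^((?!;).)*$")
# Assumption (local policy, not an API rule): enum values this check refuses.
DENYLIST = {"ESP_NULL", "ESP_DES", "ESP_THREE_DES", "ESP_NONE", "ESP_MD5_HMAC"}
FILTER_TERM = re.compile(r"^(name|fts)([!:~])(.+)$")


def check_proposal(data):
    """Return a list of problems found in the `data` mapping; empty means it passes."""
    problems = [f"missing required field: {f}" for f in REQUIRED if data.get(f) is None]
    for field, allowed in (("encryptionMethod", ENCRYPTION),
                           ("authenticationMethod", AUTHENTICATION), ("mode", MODES)):
        value = data.get(field)
        if value is None:
            continue
        if value not in allowed:
            problems.append(f"{field}: {value!r} is not a documented enum value")
        elif value in DENYLIST:
            problems.append(f"{field}: {value} is refused by local policy")
    if len(data.get("name") or "") > 64:
        problems.append("name: longer than 64 characters")
    if "id" in data and not ID_PATTERN.match(str(data["id"])):
        problems.append("id: must not contain ';'")
    return problems


def check_filter(expr):
    """Validate a query filter against the documented {key}{operator}{value} format."""
    terms = expr.split(";")
    problems = [f"bad filter term: {t!r}" for t in terms if not FILTER_TERM.match(t)]
    keys = [m.group(1) for m in map(FILTER_TERM.match, terms) if m]
    if "fts" in keys and len(terms) > 1:
        problems.append("fts cannot be combined with other filters")
    return problems


# Constructed sample payload (all values invented for this example).
SAMPLE = {"name": "ike1-lab", "encryptionMethod": "ESP_DES",
          "authenticationMethod": "ESP_SHA_HMAC", "mode": "TUNNEL",
          "type": "ikevoneproposal", "id": "abc;123"}
```

Running `check_proposal` on the variables before the `ftd_configuration` task keeps a proposal with a testing-only or 56-bit algorithm from being pushed to a device unnoticed.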