Policy > Security > North South Security > Gateway Firewall > Tls Inspection

Associated URIs:

API Description API Path

List TLS Config Profiles


API will list all TLS Config Profiles
GET /policy/api/v1/infra/security/tls-inspection-config-profiles (Experimental)
GET /policy/api/v1/global-infra/security/tls-inspection-config-profiles (Experimental)

Delete TLS Config Profile


API will delete TLS Config Profile
DELETE /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)
DELETE /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)

Get TLS Config Profile


API will get TLS Config Profile
GET /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)
GET /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)

Create or update TLS Config Profile


API will create/update TLS Config Profile
PATCH /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)
PATCH /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)

Update TLS Config Profile


API will update TLS Config Profile
PUT /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)
PUT /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)

TLS inspection execution state details for the tier1


TLS inspection execution state details for the tier1
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/tls-inspection-state

TLS inspection execution state fqdn details for the tier1


TLS inspection execution state fqdn details for the tier1
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/tls-inspection-state/fqdns

Get TLS inspection FQDN state


Get TLS inspection FQDN state
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/tls-inspection-state/fqdns/<fqdn-id>

Delete TLS Config Profile Binding for Tier-1 Logical Router


API will delete TLS Config Profile Binding for Tier-1 Logical Router.
DELETE /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>

Get TLS Config Profile Binding Map for Tier-1 Logical Router


API will get TLS Config Profile Binding Map for Tier-1 Logical Router.
GET /policy/api/v1/global-infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>
GET /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>

Create or update TLS Config Profile Binding Map for Tier-1 Logical Router


API will create or update TLS Config profile binding map for Tier-1 Logical Router.
PATCH /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>

Create or update TLS Config Profile Binding Map for Tier-1 Logical Router


API will create or update TLS Config profile binding map for Tier-1 Logical Router.
PUT /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>

Get TLS profiles available.


List all the TLS profiles available by requested resource_type.
GET /policy/api/v1/infra/tls-inspection-action-profiles

Delete a TLS profile.


Deletes a TLS profile.
DELETE /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>

Get TLS profile with id.


Return TLS profile.
GET /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>

Create a TLS profile.


Create a TLS profile with the values provided. The profile type (external or internal) is determined by the resource_type in the payload.
Each action profile supports the following 3 pre-defined config setting defaults:
Balanced, High Fidelity and High Security.

1 - External Profile Balanced (default)
Sample intent path: /infra/tls-inspection-action-profiles/external-balanced-profile
API payload:

{
"tls_config_setting": "BALANCED",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "BALANCED",
"invalid_cert_action": "ALLOW",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_1",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_1",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-balanced-profile",
"display_name": "external-balanced-profile",
"path": "/infra/tls-inspection-action-profiles/external-balanced-profile",
"relative_path": "external-balanced-profile",
"parent_path": "/infra",
"unique_id": "bb236080-e49d-4475-9eb3-b749b075164a",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622225641015,
"_last_modified_user": "admin",
"_last_modified_time": 1622225641015,
"_revision": 0
}


2 - External Profile High Fidelity
Sample intent path: /infra/tls-inspection-action-profiles/external-high-fidelity-profile
API payload:

{
"tls_config_setting": "HIGH_FIDELITY",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_FIDELITY",
"invalid_cert_action": "ALLOW",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "TRANSPARENT",
"client_min_tls_version": "",
"client_max_tls_version": "",
"server_min_tls_version": "",
"server_max_tls_version": "",
"client_cipher_suite": [],
"server_cipher_suite": [],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-high-fidelity-profile",
"display_name": "external-high-fidelity-profile",
"path": "/infra/tls-inspection-action-profiles/external-high-fidelity-profile",
"relative_path": "external-high-fidelity-profile",
"parent_path": "/infra",
"unique_id": "bb6c8604-c8eb-44dd-aded-7407e0ca887c",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622225537386,
"_last_modified_user": "admin",
"_last_modified_time": 1622225537386,
"_revision": 0
}


3 - External Profile High Security
Sample intent path: /infra/tls-inspection-action-profiles/external-high-security-profile
API payload:

{
"tls_config_setting": "HIGH_SECURITY",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_SECURITY",
"invalid_cert_action": "BLOCK",
"decryption_fail_action": "BLOCK",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_2",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_2",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-high-security-profile",
"display_name": "external-high-security-profile",
"path": "/infra/tls-inspection-action-profiles/external-high-security-profile",
"relative_path": "external-high-security-profile",
"parent_path": "/infra",
"unique_id": "e19cbc40-c679-4f32-9e40-aa5eedf7f254",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622141786963,
"_last_modified_user": "admin",
"_last_modified_time": 1622225387352,
"_revision": 4
}


4 - Internal Profile Balanced
Sample intent path: /infra/tls-inspection-action-profiles/internal-balanced-profile
API payload:

{
"tls_config_setting": "BALANCED",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}

Profile with default settings:

{
"tls_config_setting": "BALANCED",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_1",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_1",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-balanced-profile",
"display_name": "internal-balanced-profile",
"path": "/infra/tls-inspection-action-profiles/internal-balanced-profile",
"relative_path": "internal-balanced-profile",
"parent_path": "/infra",
"unique_id": "b8486763-843a-4894-8dfd-5bceebb10cd3",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071598527,
"_last_modified_user": "admin",
"_last_modified_time": 1622071598527,
"_revision": 0
}


5 - Internal Profile High Fidelity
Sample intent path: /infra/tls-inspection-action-profiles/internal-high-fidelity-profile
API payload:

{
"tls_config_setting": "HIGH_FIDELITY",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_FIDELITY",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "TRANSPARENT",
"client_min_tls_version": "",
"client_max_tls_version": "",
"server_min_tls_version": "",
"server_max_tls_version": "",
"client_cipher_suite": [],
"server_cipher_suite": [],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-high-fidelity-profile",
"display_name": "internal-high-fidelity-profile",
"path": "/infra/tls-inspection-action-profiles/internal-high-fidelity-profile",
"relative_path": "internal-high-fidelity-profile",
"parent_path": "/infra",
"unique_id": "27609d17-e642-4a7a-b414-176b3f7eca8d",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071452299,
"_last_modified_user": "admin",
"_last_modified_time": 1622071452299,
"_revision": 0
}


6 - Internal Profile High Security
Sample intent path: /infra/tls-inspection-action-profiles/internal-high-security-profile
API payload:

{
"tls_config_setting": "HIGH_SECURITY",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}


Profile with default settings:

{
"tls_config_setting": "HIGH_SECURITY",
"decryption_fail_action": "BLOCK",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_2",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_2",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-high-security-profile",
"display_name": "internal-high-security-profile",
"path": "/infra/tls-inspection-action-profiles/internal-high-security-profile",
"relative_path": "internal-high-security-profile",
"parent_path": "/infra",
"unique_id": "52e3e7e8-718d-4eaf-a177-501f196c421a",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071359539,
"_last_modified_user": "admin",
"_last_modified_time": 1622071359539,
"_revision": 0
}

PATCH /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>
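The three tls_config_setting defaults above differ mainly in the TLS version floor, the cipher suite lists and the failure actions. The following audit is an added example (not NSX's own code) that takes a profile object of the shape returned by GET /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id> and reports every field weaker than the HIGH_SECURITY defaults on this page; the function names are this example's own and the sample profile is constructed from the external BALANCED defaults.

```python
import re

# HIGH_SECURITY defaults documented on this page: TLS 1.2 on both legs,
# only the two ECDHE/AES-GCM suites, and BLOCK for invalid certificates
# and for decryption failures.
HIGH_SECURITY_SUITES = frozenset({
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
})
HIGH_SECURITY_MIN_VERSION = (1, 2)
VERSION_RE = re.compile(r"^TLS_V(\d+)_(\d+)$")


def parse_tls_version(value):
    """Map an NSX version enum such as 'TLS_V1_2' to (1, 2); '' or None -> None.

    HIGH_FIDELITY profiles leave the version fields empty, meaning no floor
    is enforced, so the caller treats None as a finding.
    """
    match = VERSION_RE.match(value or "")
    return (int(match.group(1)), int(match.group(2))) if match else None


def audit_profile(profile):
    """Return {field: reason} for every setting weaker than HIGH_SECURITY.

    `profile` is a dict with the fields of a TlsInspectionExternalProfile or
    TlsInspectionInternalProfile as returned by the GET action-profile API.
    """
    findings = {}
    external = profile.get("resource_type") == "TlsInspectionExternalProfile"

    enforcement = profile.get("crypto_enforcement")
    if enforcement != "ENFORCE":
        findings["crypto_enforcement"] = f"{enforcement!r}, HIGH_SECURITY default is 'ENFORCE'"

    for side in ("client", "server"):
        field = f"{side}_min_tls_version"
        version = parse_tls_version(profile.get(field))
        if version is None:
            findings[field] = "empty: no minimum TLS version enforced"
        elif version < HIGH_SECURITY_MIN_VERSION:
            findings[field] = f"{profile[field]} allows TLS older than 1.2"

        field = f"{side}_cipher_suite"
        suites = profile.get(field) or []
        weak = [s for s in suites if s not in HIGH_SECURITY_SUITES]
        if not suites:
            findings[field] = "empty: no cipher suite restriction"
        elif weak:
            # Every extra suite in the BALANCED list is either CBC-mode or
            # static-RSA key exchange (no forward secrecy).
            findings[field] = "suites outside the HIGH_SECURITY set: " + ", ".join(weak)

    # invalid_cert_action is only present on external profiles (see the samples above).
    if external and profile.get("invalid_cert_action") != "BLOCK":
        findings["invalid_cert_action"] = (
            f"{profile.get('invalid_cert_action')!r}, HIGH_SECURITY default is 'BLOCK'")
    if profile.get("decryption_fail_action") != "BLOCK":
        findings["decryption_fail_action"] = (
            f"{profile.get('decryption_fail_action')!r}: sessions that cannot be decrypted are not blocked")
    return findings


# Constructed sample: the external BALANCED defaults from this page, with the
# cipher lists shortened to a few representative entries.
SAMPLE_BALANCED_EXTERNAL = {
    "tls_config_setting": "BALANCED",
    "resource_type": "TlsInspectionExternalProfile",
    "invalid_cert_action": "ALLOW",
    "decryption_fail_action": "BYPASS",
    "crypto_enforcement": "ENFORCE",
    "client_min_tls_version": "TLS_V1_1",
    "client_max_tls_version": "TLS_V1_2",
    "server_min_tls_version": "TLS_V1_1",
    "server_max_tls_version": "TLS_V1_2",
    "client_cipher_suite": [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_GCM_SHA384",
    ],
    "server_cipher_suite": ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"],
}

if __name__ == "__main__":
    for field, reason in sorted(audit_profile(SAMPLE_BALANCED_EXTERNAL).items()):
        print(f"{field}: {reason}")
```

Running it against a HIGH_SECURITY profile returns an empty dict; against the HIGH_FIDELITY defaults it flags the TRANSPARENT enforcement, the empty version and cipher fields, and the BYPASS action.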

Update a TLS profile.


Update the user-configurable properties of a TLS profile.
Each action profile supports the same 3 pre-defined config setting defaults (Balanced, High Fidelity and High Security) that are listed with their full default values under the create (PATCH) entry above.
PUT /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>

List TLS policies


List all TLS policies.
GET /policy/api/v1/infra/tls-inspection-policies

Delete TlsPolicy


Delete TlsPolicy
DELETE /policy/api/v1/infra/tls-inspection-policies/<policy-id>

Read tls policy


Read TLS policy.
GET /policy/api/v1/infra/tls-inspection-policies/<policy-id>

Update TLS policy


Update the TLS policy. This is a full replace.
All the rules are replaced.
Performance Note: If you want to edit several rules in a TLS policy,
use this API. It will perform better than several individual rule APIs.
Just pass all the rules which you wish to edit as embedded rules to it.
PATCH /policy/api/v1/infra/tls-inspection-policies/<policy-id>

Update TLS policy


Update the TLS policy. This is a full replace.
All the rules are replaced.
Performance Note: If you want to edit several rules in a TLS policy,
use this API. It will perform better than several individual rule APIs.
Just pass all the rules which you wish to edit as embedded rules to it.
PUT /policy/api/v1/infra/tls-inspection-policies/<policy-id>

List TLS rules


List TLS rules
GET /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules

Delete rule


Delete rule
DELETE /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>

Read rule


Read rule
GET /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>

Update TLS rule


Update the TLS rule.
Create new rule if a rule with the rule-id is not already present.
Performance Note: If you want to edit several rules in a TLS policy,
prefer below mentioned API for optimal performance.
Pass all the rules which you wish to edit as embedded rules to it.
Use this API - PATCH (or PUT)
/infra/tls-inspection-policies/<policy-id>
PATCH /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>

Update TLS rule


Update the TLS rule.
Create new rule if a rule with the rule-id is not already present.
Performance Note: If you want to edit several rules in a TLS policy,
prefer below mentioned API for optimal performance.
Pass all the rules which you wish to edit as embedded rules to it.
Use this API - PATCH (or PUT)
/infra/tls-inspection-policies/<policy-id>
PUT /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>