Policy > Security > North South Security > Gateway Firewall > Tls Inspection > Tls Profiles

Associated URIs:

API Description API Path

Get Tls profiles available.


List all the Tls profiles available by requested resource_type.
GET /policy/api/v1/infra/tls-inspection-action-profiles

Delete a Tls profile.


Deletes a Tls profile.
DELETE /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>

Get TLS profile with id.


Return Tls profile.
GET /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>

Create a Tls profile.


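Creates a TLS profile from the values provided. The profile type is determined by the resource_type in the payload.
Each action profile supports the following 3 pre-defined config setting defaults:
Balanced, High Fidelity and High Security.
The sample defaults below differ in security posture. High Security pins both client and server sides to TLS 1.2 with two ECDHE/AES-GCM cipher suites and sets decryption_fail_action to BLOCK (external profiles also set invalid_cert_action to BLOCK). Balanced still accepts TLS 1.1 and includes CBC and static-RSA (TLS_RSA_*) suites, and High Fidelity sets crypto_enforcement to TRANSPARENT with no version or cipher restriction. Both Balanced and High Fidelity default to decryption_fail_action BYPASS (and invalid_cert_action ALLOW on external profiles). In every sample ocsp_must_staple is false, and certificate_validation is false on the internal profiles, so review these values before relying on a profile to reject undecryptable traffic or invalid certificates.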

1 - External Profile Balanced (default)
Sample intent path: /infra/tls-inspection-action-profiles/external-balanced-profile
API payload:

{
"tls_config_setting": "BALANCED",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "BALANCED",
"invalid_cert_action": "ALLOW",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_1",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_1",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-balanced-profile",
"display_name": "external-balanced-profile",
"path": "/infra/tls-inspection-action-profiles/external-balanced-profile",
"relative_path": "external-balanced-profile",
"parent_path": "/infra",
"unique_id": "bb236080-e49d-4475-9eb3-b749b075164a",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622225641015,
"_last_modified_user": "admin",
"_last_modified_time": 1622225641015,
"_revision": 0
}


2 - External Profile High Fidelity
Sample intent path: /infra/tls-inspection-action-profiles/external-high-fidelity-profile
API payload:

{
"tls_config_setting": "HIGH_FIDELITY",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_FIDELITY",
"invalid_cert_action": "ALLOW",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "TRANSPARENT",
"client_min_tls_version": "",
"client_max_tls_version": "",
"server_min_tls_version": "",
"server_max_tls_version": "",
"client_cipher_suite": [],
"server_cipher_suite": [],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-high-fidelity-profile",
"display_name": "external-high-fidelity-profile",
"path": "/infra/tls-inspection-action-profiles/external-high-fidelity-profile",
"relative_path": "external-high-fidelity-profile",
"parent_path": "/infra",
"unique_id": "bb6c8604-c8eb-44dd-aded-7407e0ca887c",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622225537386,
"_last_modified_user": "admin",
"_last_modified_time": 1622225537386,
"_revision": 0
}


3 - External Profile High Security
Sample intent path: /infra/tls-inspection-action-profiles/external-high-security-profile
API payload:

{
"tls_config_setting": "HIGH_SECURITY",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_SECURITY",
"invalid_cert_action": "BLOCK",
"decryption_fail_action": "BLOCK",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_2",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_2",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-high-security-profile",
"display_name": "external-high-security-profile",
"path": "/infra/tls-inspection-action-profiles/external-high-security-profile",
"relative_path": "external-high-security-profile",
"parent_path": "/infra",
"unique_id": "e19cbc40-c679-4f32-9e40-aa5eedf7f254",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622141786963,
"_last_modified_user": "admin",
"_last_modified_time": 1622225387352,
"_revision": 4
}


4 - Internal Profile Balanced
Sample intent path: /infra/tls-inspection-action-profiles/internal-balanced-profile
API payload:

{
"tls_config_setting": "BALANCED",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}

Profile with default settings:

{
"tls_config_setting": "BALANCED",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_1",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_1",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-balanced-profile",
"display_name": "internal-balanced-profile",
"path": "/infra/tls-inspection-action-profiles/internal-balanced-profile",
"relative_path": "internal-balanced-profile",
"parent_path": "/infra",
"unique_id": "b8486763-843a-4894-8dfd-5bceebb10cd3",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071598527,
"_last_modified_user": "admin",
"_last_modified_time": 1622071598527,
"_revision": 0
}


5 - Internal Profile High Fidelity
Sample intent path: /infra/tls-inspection-action-profiles/internal-high-fidelity-profile
API payload:

{
"tls_config_setting": "HIGH_FIDELITY",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_FIDELITY",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "TRANSPARENT",
"client_min_tls_version": "",
"client_max_tls_version": "",
"server_min_tls_version": "",
"server_max_tls_version": "",
"client_cipher_suite": [],
"server_cipher_suite": [],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-high-fidelity-profile",
"display_name": "internal-high-fidelity-profile",
"path": "/infra/tls-inspection-action-profiles/internal-high-fidelity-profile",
"relative_path": "internal-high-fidelity-profile",
"parent_path": "/infra",
"unique_id": "27609d17-e642-4a7a-b414-176b3f7eca8d",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071452299,
"_last_modified_user": "admin",
"_last_modified_time": 1622071452299,
"_revision": 0
}


6 - Internal Profile High Security
Sample intent path: /infra/tls-inspection-action-profiles/internal-high-security-profile
API payload:

{
"tls_config_setting": "HIGH_SECURITY",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}


Profile with default settings:

{
"tls_config_setting": "HIGH_SECURITY",
"decryption_fail_action": "BLOCK",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_2",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_2",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-high-security-profile",
"display_name": "internal-high-security-profile",
"path": "/infra/tls-inspection-action-profiles/internal-high-security-profile",
"relative_path": "internal-high-security-profile",
"parent_path": "/infra",
"unique_id": "52e3e7e8-718d-4eaf-a177-501f196c421a",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071359539,
"_last_modified_user": "admin",
"_last_modified_time": 1622071359539,
"_revision": 0
}

PATCH /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>

Update a Tls profile.


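Updates the user-configurable properties of a TLS profile.
Each action profile supports the following 3 pre-defined config setting defaults:
Balanced, High Fidelity and High Security.
The sample defaults below differ in security posture. High Security pins both sides to TLS 1.2 with ECDHE/AES-GCM suites and sets decryption_fail_action to BLOCK (external profiles also set invalid_cert_action to BLOCK). Balanced accepts TLS 1.1 and includes CBC and static-RSA suites, and High Fidelity sets crypto_enforcement to TRANSPARENT with no version or cipher restriction. Both Balanced and High Fidelity default to decryption_fail_action BYPASS (and invalid_cert_action ALLOW on external profiles).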

1 - External Profile Balanced (default)
Sample intent path: /infra/tls-inspection-action-profiles/external-balanced-profile
API payload:

{
"tls_config_setting": "BALANCED",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "BALANCED",
"invalid_cert_action": "ALLOW",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_1",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_1",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-balanced-profile",
"display_name": "external-balanced-profile",
"path": "/infra/tls-inspection-action-profiles/external-balanced-profile",
"relative_path": "external-balanced-profile",
"parent_path": "/infra",
"unique_id": "bb236080-e49d-4475-9eb3-b749b075164a",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622225641015,
"_last_modified_user": "admin",
"_last_modified_time": 1622225641015,
"_revision": 0
}


2 - External Profile High Fidelity
Sample intent path: /infra/tls-inspection-action-profiles/external-high-fidelity-profile
API payload:

{
"tls_config_setting": "HIGH_FIDELITY",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_FIDELITY",
"invalid_cert_action": "ALLOW",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "TRANSPARENT",
"client_min_tls_version": "",
"client_max_tls_version": "",
"server_min_tls_version": "",
"server_max_tls_version": "",
"client_cipher_suite": [],
"server_cipher_suite": [],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-high-fidelity-profile",
"display_name": "external-high-fidelity-profile",
"path": "/infra/tls-inspection-action-profiles/external-high-fidelity-profile",
"relative_path": "external-high-fidelity-profile",
"parent_path": "/infra",
"unique_id": "bb6c8604-c8eb-44dd-aded-7407e0ca887c",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622225537386,
"_last_modified_user": "admin",
"_last_modified_time": 1622225537386,
"_revision": 0
}


3 - External Profile High Security
Sample intent path: /infra/tls-inspection-action-profiles/external-high-security-profile
API payload:

{
"tls_config_setting": "HIGH_SECURITY",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_SECURITY",
"invalid_cert_action": "BLOCK",
"decryption_fail_action": "BLOCK",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_2",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_2",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-high-security-profile",
"display_name": "external-high-security-profile",
"path": "/infra/tls-inspection-action-profiles/external-high-security-profile",
"relative_path": "external-high-security-profile",
"parent_path": "/infra",
"unique_id": "e19cbc40-c679-4f32-9e40-aa5eedf7f254",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622141786963,
"_last_modified_user": "admin",
"_last_modified_time": 1622225387352,
"_revision": 4
}


4 - Internal Profile Balanced
Sample intent path: /infra/tls-inspection-action-profiles/internal-balanced-profile
API payload:

{
"tls_config_setting": "BALANCED",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}

Profile with default settings:

{
"tls_config_setting": "BALANCED",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_1",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_1",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-balanced-profile",
"display_name": "internal-balanced-profile",
"path": "/infra/tls-inspection-action-profiles/internal-balanced-profile",
"relative_path": "internal-balanced-profile",
"parent_path": "/infra",
"unique_id": "b8486763-843a-4894-8dfd-5bceebb10cd3",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071598527,
"_last_modified_user": "admin",
"_last_modified_time": 1622071598527,
"_revision": 0
}


5 - Internal Profile High Fidelity
Sample intent path: /infra/tls-inspection-action-profiles/internal-high-fidelity-profile
API payload:

{
"tls_config_setting": "HIGH_FIDELITY",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_FIDELITY",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "TRANSPARENT",
"client_min_tls_version": "",
"client_max_tls_version": "",
"server_min_tls_version": "",
"server_max_tls_version": "",
"client_cipher_suite": [],
"server_cipher_suite": [],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-high-fidelity-profile",
"display_name": "internal-high-fidelity-profile",
"path": "/infra/tls-inspection-action-profiles/internal-high-fidelity-profile",
"relative_path": "internal-high-fidelity-profile",
"parent_path": "/infra",
"unique_id": "27609d17-e642-4a7a-b414-176b3f7eca8d",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071452299,
"_last_modified_user": "admin",
"_last_modified_time": 1622071452299,
"_revision": 0
}


6 - Internal Profile High Security
Sample intent path: /infra/tls-inspection-action-profiles/internal-high-security-profile
API payload:

{
"tls_config_setting": "HIGH_SECURITY",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}


Profile with default settings:

{
"tls_config_setting": "HIGH_SECURITY",
"decryption_fail_action": "BLOCK",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_2",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_2",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-high-security-profile",
"display_name": "internal-high-security-profile",
"path": "/infra/tls-inspection-action-profiles/internal-high-security-profile",
"relative_path": "internal-high-security-profile",
"parent_path": "/infra",
"unique_id": "52e3e7e8-718d-4eaf-a177-501f196c421a",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071359539,
"_last_modified_user": "admin",
"_last_modified_time": 1622071359539,
"_revision": 0
}

PUT /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>