ServerCertificateScope
Settings that define the Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic that Network Firewall should decrypt for inspection by the stateful rule engine.
Contents
- DestinationPorts
The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.
You can specify individual ports, for example 1994, and you can specify port ranges, such as 1990:1994.
Type: Array of PortRange objects
Required: No
- Destinations
The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
Type: Array of Address objects
Required: No
- Protocols
The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
Type: Array of integers
Valid Range: Minimum value of 0. Maximum value of 255.
Required: No
- SourcePorts
The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.
You can specify individual ports, for example 1994, and you can specify port ranges, such as 1990:1994.
Type: Array of PortRange objects
Required: No
- Sources
The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
Type: Array of Address objects
Required: No
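The following is an added example, not AWS code or part of the original reference: a local model of the matching rules described above, useful for checking which flows a given scope would select for decryption before deploying it. It assumes the PortRange members FromPort and ToPort and the Address member AddressDefinition from the Network Firewall API, and treats an empty or omitted list as match-any (the page states this for ports and addresses; applying it to Protocols is an assumption). The sample scope is constructed.

```python
import ipaddress

TCP = 6  # IANA protocol number for TCP

def validate_scope(scope):
    """Return a list of problems found in a ServerCertificateScope dict."""
    problems = []
    for proto in scope.get("Protocols", []):
        if not 0 <= proto <= 255:
            problems.append(f"Protocols: {proto} outside 0-255")
        elif proto != TCP:
            problems.append(f"Protocols: {proto} is not TCP (6)")
    for key in ("SourcePorts", "DestinationPorts"):
        for pr in scope.get(key, []):
            if not 0 <= pr["FromPort"] <= pr["ToPort"] <= 65535:
                problems.append(f"{key}: bad range {pr['FromPort']}:{pr['ToPort']}")
    for key in ("Sources", "Destinations"):
        for addr in scope.get(key, []):
            try:
                ipaddress.ip_network(addr["AddressDefinition"], strict=False)
            except ValueError:
                problems.append(f"{key}: bad CIDR {addr['AddressDefinition']}")
    return problems

def _port_ok(ranges, port):
    # An omitted or empty list matches any port.
    return not ranges or any(r["FromPort"] <= port <= r["ToPort"] for r in ranges)

def _addr_ok(addrs, ip):
    ip = ipaddress.ip_address(ip)
    return not addrs or any(
        ip in ipaddress.ip_network(a["AddressDefinition"], strict=False) for a in addrs)

def scope_matches(scope, src, sport, dst, dport, proto=TCP):
    """True if the flow falls inside the scope; an omitted field matches anything."""
    protos = scope.get("Protocols")  # assumption: omitted means no restriction
    return ((not protos or proto in protos)
            and _addr_ok(scope.get("Sources"), src)
            and _addr_ok(scope.get("Destinations"), dst)
            and _port_ok(scope.get("SourcePorts"), sport)
            and _port_ok(scope.get("DestinationPorts"), dport))

# Constructed sample scope: decrypt TCP to 10.0.0.0/24 on ports 1990:1994.
SAMPLE_SCOPE = {
    "Destinations": [{"AddressDefinition": "10.0.0.0/24"}],
    "DestinationPorts": [{"FromPort": 1990, "ToPort": 1994}],
    "Protocols": [6],
}
```

A flow that returns False from `scope_matches` for every scope in a TLS inspection configuration would pass without decryption, so this check helps find unintended gaps in inspection coverage.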
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: