ServerCertificateScope - AWS Network Firewall

ServerCertificateScope

Settings that define the Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic that Network Firewall should decrypt for inspection by the stateful rule engine.

Contents

DestinationPorts

The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.

You can specify individual ports, for example 1994, and you can specify port ranges, such as 1990:1994.

Type: Array of PortRange objects

Required: No

Destinations

The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.

Type: Array of Address objects

Required: No

Protocols

The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.

Type: Array of integers

Valid Range: Minimum value of 0. Maximum value of 255.

Required: No

SourcePorts

The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.

You can specify individual ports, for example 1994, and you can specify port ranges, such as 1990:1994.

Type: Array of PortRange objects

Required: No

Sources

The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.

Type: Array of Address objects

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: