Fortinet black logo

CLI Reference

profile tls

profile tls

Use this command to configure TLS profiles that can be used by receive rules (also called access control rules) and delivery rules.

Syntax

config profile tls

edit <profile_name>

set level {encrypt | none | secure | preferred}

set action {fail | tempfail}

end

Variable

Description

Default

<profile_name>

Enter the name of the TLS profile.

level {encrypt | none | secure | preferred}

Enter the security level of the TLS connection.

encrypt: Requires a basic TLS connection. Failure to negotiate a TLS connection results in the connection being rejected according to the action setting.

none: Disables TLS. Requests for a TLS connection will be ignored.

preferred: Allow a simple TLS connection, but do not require it. Data is not encrypted, nor is the identity of the server validated with a certificate.

secure: Requires a certificate-authenticated TLS connection. CA certificates must be installed on the FortiMail unit before they can be used for secure TLS connections. For information on installing CA certificates, see the FortiMail Administration Guide.

preferred

action {fail | tempfail}

Select the action the FortiMail unit takes when a TLS connection cannot be established.

This option does not apply for profiles whose level is preferred.

tempfail

Related topics

ms365 profile antivirus

profile tls

Use this command to configure TLS profiles that can be used by receive rules (also called access control rules) and delivery rules.

Syntax

config profile tls

edit <profile_name>

set level {encrypt | none | secure | preferred}

set action {fail | tempfail}

end

Variable

Description

Default

<profile_name>

Enter the name of the TLS profile.

level {encrypt | none | secure | preferred}

Enter the security level of the TLS connection.

encrypt: Requires a basic TLS connection. Failure to negotiate a TLS connection results in the connection being rejected according to the action setting.

none: Disables TLS. Requests for a TLS connection will be ignored.

preferred: Allow a simple TLS connection, but do not require it. Data is not encrypted, nor is the identity of the server validated with a certificate.

secure: Requires a certificate-authenticated TLS connection. CA certificates must be installed on the FortiMail unit before they can be used for secure TLS connections. For information on installing CA certificates, see the FortiMail Administration Guide.

preferred

action {fail | tempfail}

Select the action the FortiMail unit takes when a TLS connection cannot be established.

This option does not apply for profiles whose level is preferred.

tempfail

Related topics

ms365 profile antivirus