a10_slb_template_client_ssl
Synopsis
Client SSL Template
Parameters
Parameters |
Choices/Defaults |
Comment |
|
---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
name str/required |
Client SSL Template Name |
||
auth_username str |
Specify the Username Field in the Client Certificate (if multiple fields are specified, the prior one has higher priority) |
||
ca_certs list |
Field ca_certs |
||
ca_cert str |
CA Certificate (CA Certificate Name) |
||
ca_shared bool |
CA Certificate Partition Shared |
||
client_ocsp bool |
Specify ocsp authentication server(s) for client certificate verification |
||
client_ocsp_srvr str |
Specify authentication server |
||
client_ocsp_sg str |
Specify service-group (Service group name) |
||
chain_cert str |
Chain Certificate Name |
||
chain_cert_shared_str str |
Chain Certificate Name |
||
dh_type str |
‘1024’= 1024; ‘1024-dsa’= 1024-dsa; ‘2048’= 2048; |
||
ec_list list |
Field ec_list |
||
ec str |
‘secp256r1’= X9_62_prime256v1; ‘secp384r1’= secp384r1; |
||
local_logging bool |
Enable local logging |
||
ocsp_stapling bool |
Config OCSP stapling support |
||
ocspst_ca_cert str |
CA certificate |
||
ocspst_ocsp bool |
Specify OCSP Authentication |
||
ocspst_srvr str |
Specify OCSP authentication server |
||
ocspst_srvr_days int |
Specify update period, in days |
||
ocspst_srvr_hours int |
Specify update period, in hours |
||
ocspst_srvr_minutes int |
Specify update period, in minutes |
||
ocspst_srvr_timeout int |
Specify retry timeout (Default is 30 mins) |
||
ocspst_sg str |
Specify authentication service group |
||
ocspst_sg_days int |
Specify update period, in days |
||
ocspst_sg_hours int |
Specify update period, in hours |
||
ocspst_sg_minutes int |
Specify update period, in minutes |
||
ocspst_sg_timeout int |
Specify retry timeout (Default is 30 mins) |
||
ssli_logging bool |
SSLi logging level, default is error logging only |
||
sslilogging str |
‘disable’= Disable all logging; ‘all’= enable all logging (error, info); |
||
client_certificate str |
‘Ignore’= Don’t request client certificate; ‘Require’= Require client certificate; ‘Request’= Request client certificate; |
||
req_ca_lists list |
Field req_ca_lists |
||
client_certificate_Request_CA str |
Send CA lists in certificate request (CA Certificate Name) |
||
client_cert_req_ca_shared bool |
CA Certificate Partition Shared |
||
close_notify bool |
Send close notification when terminating the connection |
||
crl_certs list |
Field crl_certs |
||
crl str |
Certificate Revocation Lists (Certificate Revocation Lists file name) |
||
crl_shared bool |
Certificate Revocation Lists Partition Shared |
||
forward_proxy_ca_cert str |
CA Certificate for forward proxy (SSL forward proxy CA Certificate Name) |
||
fp_ca_shared bool |
CA Certificate Partition Shared |
||
forward_proxy_ca_key str |
CA Private Key for forward proxy (SSL forward proxy CA Key Name) |
||
forward_passphrase str |
Password Phrase |
||
forward_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
fp_ca_key_shared bool |
CA Private Key Partition Shared |
||
fp_ca_certificate str |
CA Certificate for forward proxy (SSL forward proxy CA Certificate Name) |
||
fp_ca_key str |
CA Private Key for forward proxy (SSL forward proxy CA Key Name) |
||
fp_ca_key_passphrase str |
Password Phrase |
||
fp_ca_key_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
fp_ca_chain_cert str |
Chain Certificate (Chain Certificate Name) |
||
fp_ca_certificate_shared bool |
CA Private Key Partition Shared |
||
forward_proxy_alt_sign bool |
Forward proxy alternate signing cert and key |
||
fp_alt_cert str |
CA Certificate for forward proxy alternate signing (Certificate name) |
||
fp_alt_key str |
CA Private Key for forward proxy alternate signing (Key name) |
||
fp_alt_passphrase str |
Password Phrase |
||
fp_alt_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
fp_alt_chain_cert str |
Chain Certificate (Chain Certificate Name) |
||
fp_alt_shared bool |
Alternate CA Certificate and Private Key Partition Shared |
||
forward_proxy_trusted_ca_lists list |
Field forward_proxy_trusted_ca_lists |
||
forward_proxy_trusted_ca str |
Forward proxy trusted CA file (CA file name) |
||
fp_trusted_ca_shared bool |
Trusted CA Certificate Partition Shared |
||
forward_proxy_decrypted_dscp int |
Apply a DSCP to decrypted and bypassed traffic (DSCP to apply to decrypted traffic) |
||
forward_proxy_decrypted_dscp_bypass int |
DSCP to apply to bypassed traffic |
||
enable_tls_alert_logging bool |
Enable TLS alert logging |
||
alert_type str |
‘fatal’= Log fatal alerts; |
||
forward_proxy_verify_cert_fail_action bool |
Action taken if certificate verification fails, close the connection by default |
||
verify_cert_fail_action str |
‘bypass’= bypass SSLi processing; ‘continue’= continue the connection; ‘drop’= close the connection; ‘block’= block the connection with a warning page; |
||
forward_proxy_cert_revoke_action bool |
Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default |
||
cert_revoke_action str |
‘bypass’= bypass SSLi processing; ‘continue’= continue the connection; ‘drop’= close the connection; ‘block’= block the connection with a warning page; |
||
forward_proxy_no_shared_cipher_action bool |
Action taken if handshake fails due to no shared cipher, close the connection by default |
||
no_shared_cipher_action str |
‘bypass’= bypass SSLi processing; ‘drop’= close the connection; |
||
forward_proxy_esni_action bool |
Action taken on receiving an encrypted server name indication extension in the client hello message, bypass the connection by default |
||
fp_esni_action str |
‘bypass’= bypass SSLi processing; ‘drop’= close the connection; |
||
forward_proxy_cert_unknown_action bool |
Action taken if a certificate revocation status is unknown, bypass SSLi processing by default |
||
cert_unknown_action str |
‘bypass’= bypass SSLi processing; ‘continue’= continue the connection; ‘drop’= close the connection; ‘block’= block the connection with a warning page; |
||
forward_proxy_block_message str |
Message to be included on the block page (Message, enclose in quotes if spaces are present) |
||
cache_persistence_list_name str |
Class List Name |
||
fp_cert_ext_crldp str |
CRL Distribution Point (CRL Distribution Point URI) |
||
fp_cert_ext_aia_ocsp str |
OCSP (Authority Information Access URI) |
||
fp_cert_ext_aia_ca_issuers str |
CA Issuers (Authority Information Access URI) |
||
notbefore bool |
notBefore date |
||
notbeforeday int |
Day |
||
notbeforemonth int |
Month |
||
notbeforeyear int |
Year |
||
notafter bool |
notAfter date |
||
notafterday int |
Day |
||
notaftermonth int |
Month |
||
notafteryear int |
Year |
||
forward_proxy_hash_persistence_interval int |
Set the time interval to save the hash persistence certs (Interval value, in minutes) |
||
forward_proxy_ssl_version int |
TLS/SSL version, default is TLS1.2 (TLS/SSL version= 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3) |
||
forward_proxy_ocsp_disable bool |
Disable ocsp-stapling for forward proxy |
||
forward_proxy_crl_disable bool |
Disable Certificate Revocation List checking for forward proxy |
||
forward_proxy_cert_cache_timeout int |
Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout) |
||
forward_proxy_cert_cache_limit int |
Certificate cache size limit, default is 524288 (set to 0 for unlimited size) |
||
forward_proxy_cert_expiry bool |
Adjust certificate expiry relative to the time when it is created on the device |
||
expire_hours int |
Certificate lifetime in hours |
||
forward_proxy_enable bool |
Enable SSL forward proxy |
||
handshake_logging_enable bool |
Enable SSL handshake logging |
||
forward_proxy_selfsign_redir bool |
Redirect connections to pages with self signed certs to a warning page |
||
forward_proxy_failsafe_disable bool |
Disable Failsafe for SSL forward proxy |
||
forward_proxy_log_disable bool |
Disable SSL forward proxy logging |
||
fp_cert_fetch_natpool_name str |
Specify NAT pool or pool group |
||
shared_partition_pool bool |
Reference a NAT pool or pool group from shared partition |
||
fp_cert_fetch_natpool_name_shared str |
Specify NAT pool or pool group |
||
fp_cert_fetch_natpool_precedence bool |
Set this NAT pool as higher precedence than other source NAT, such as that configured under template policy |
||
fp_cert_fetch_autonat str |
‘auto’= Configure auto NAT for server certificate fetching; |
||
fp_cert_fetch_autonat_precedence bool |
Set this NAT pool as higher precedence than other source NAT, such as that configured under template policy |
||
forward_proxy_no_sni_action str |
‘intercept’= intercept in no SNI case; ‘bypass’= bypass in no SNI case; ‘reset’= reset in no SNI case; |
||
case_insensitive bool |
Case insensitive forward proxy bypass |
||
class_list_name str |
Class List Name |
||
multi_class_list list |
Field multi_class_list |
||
multi_clist_name str |
Class List Name |
||
user_name_list str |
Forward proxy bypass if user-name matches class-list |
||
ad_group_list str |
Forward proxy bypass if ad-group matches class-list |
||
exception_user_name_list str |
Exceptions to forward proxy bypass if user-name matches class-list |
||
exception_ad_group_list str |
Exceptions to forward proxy bypass if ad-group matches class-list |
||
exception_sni_cl_name str |
Exceptions to forward-proxy-bypass |
||
inspect_list_name str |
Class List Name |
||
inspect_certificate_subject_cl_name str |
Forward proxy Inspect if Certificate Subject matches class-list |
||
inspect_certificate_issuer_cl_name str |
Forward proxy Inspect if Certificate issuer matches class-list |
||
inspect_certificate_san_cl_name str |
Forward proxy Inspect if Certificate Subject Alternative Name matches class-list |
||
contains_list list |
Field contains_list |
||
contains str |
Forward proxy bypass if SNI string contains another string |
||
ends_with_list list |
Field ends_with_list |
||
ends_with str |
Forward proxy bypass if SNI string ends with another string |
||
equals_list list |
Field equals_list |
||
equals str |
Forward proxy bypass if SNI string equals another string |
||
starts_with_list list |
Field starts_with_list |
||
starts_with str |
Forward proxy bypass if SNI string starts with another string |
||
certificate_subject_contains_list list |
Field certificate_subject_contains_list |
||
certificate_subject_contains str |
Forward proxy bypass if Certificate Subject contains another string |
||
bypass_cert_subject_class_list_name str |
Class List Name |
||
bypass_cert_subject_multi_class_list list |
Field bypass_cert_subject_multi_class_list |
||
bypass_cert_subject_multi_class_list_name str |
Class List Name |
||
exception_certificate_subject_cl_name str |
Exceptions to forward-proxy-bypass |
||
certificate_subject_ends_with_list list |
Field certificate_subject_ends_with_list |
||
certificate_subject_ends_with str |
Forward proxy bypass if Certificate Subject ends with another string |
||
certificate_subject_equals_list list |
Field certificate_subject_equals_list |
||
certificate_subject_equals str |
Forward proxy bypass if Certificate Subject equals another string |
||
certificate_subject_starts_with_list list |
Field certificate_subject_starts_with_list |
||
certificate_subject_starts str |
Forward proxy bypass if Certificate Subject starts with another string |
||
certificate_issuer_contains_list list |
Field certificate_issuer_contains_list |
||
certificate_issuer_contains str |
Forward proxy bypass if Certificate issuer contains another string (Certificate issuer) |
||
bypass_cert_issuer_class_list_name str |
Class List Name |
||
bypass_cert_issuer_multi_class_list list |
Field bypass_cert_issuer_multi_class_list |
||
bypass_cert_issuer_multi_class_list_name str |
Class List Name |
||
exception_certificate_issuer_cl_name str |
Exceptions to forward-proxy-bypass |
||
certificate_issuer_ends_with_list list |
Field certificate_issuer_ends_with_list |
||
certificate_issuer_ends_with str |
Forward proxy bypass if Certificate issuer ends with another string |
||
certificate_issuer_equals_list list |
Field certificate_issuer_equals_list |
||
certificate_issuer_equals str |
Forward proxy bypass if Certificate issuer equals another string |
||
certificate_issuer_starts_with_list list |
Field certificate_issuer_starts_with_list |
||
certificate_issuer_starts str |
Forward proxy bypass if Certificate issuer starts with another string |
||
certificate_san_contains_list list |
Field certificate_san_contains_list |
||
certificate_san_contains str |
Forward proxy bypass if Certificate SAN contains another string |
||
bypass_cert_san_class_list_name str |
Class List Name |
||
bypass_cert_san_multi_class_list list |
Field bypass_cert_san_multi_class_list |
||
bypass_cert_san_multi_class_list_name str |
Class List Name |
||
exception_certificate_san_cl_name str |
Exceptions to forward-proxy-bypass |
||
certificate_san_ends_with_list list |
Field certificate_san_ends_with_list |
||
certificate_san_ends_with str |
Forward proxy bypass if Certificate SAN ends with another string |
||
certificate_san_equals_list list |
Field certificate_san_equals_list |
||
certificate_san_equals str |
Forward proxy bypass if Certificate SAN equals another string |
||
certificate_san_starts_with_list list |
Field certificate_san_starts_with_list |
||
certificate_san_starts str |
Forward proxy bypass if Certificate SAN starts with another string |
||
client_auth_case_insensitive bool |
Case insensitive forward proxy client auth bypass |
||
client_auth_class_list str |
Forward proxy client auth bypass if SNI string matches class-list (Class List Name) |
||
client_auth_contains_list list |
Field client_auth_contains_list |
||
client_auth_contains str |
Forward proxy bypass if SNI string contains another string |
||
client_auth_ends_with_list list |
Field client_auth_ends_with_list |
||
client_auth_ends_with str |
Forward proxy bypass if SNI string ends with another string |
||
client_auth_equals_list list |
Field client_auth_equals_list |
||
client_auth_equals str |
Forward proxy bypass if SNI string equals another string |
||
client_auth_starts_with_list list |
Field client_auth_starts_with_list |
||
client_auth_starts_with str |
Forward proxy bypass if SNI string starts with another string |
||
forward_proxy_cert_not_ready_action str |
‘bypass’= bypass the connection; ‘reset’= reset the connection; ‘intercept’= wait for cert and then inspect the connection; |
||
web_reputation dict |
Field web_reputation |
||
bypass_trustworthy bool |
Bypass when reputation score is greater than or equal to 81 |
||
bypass_low_risk bool |
Bypass when reputation score is greater than or equal to 61 |
||
bypass_moderate_risk bool |
Bypass when reputation score is greater than or equal to 41 |
||
bypass_suspicious bool |
Bypass when reputation score is greater than or equal to 21 |
||
bypass_malicious bool |
Bypass when reputation score is greater than or equal to 1 |
||
bypass_threshold int |
Bypass when reputation score is greater than or equal to the customized score (1-100) |
||
exception_web_reputation dict |
Field exception_web_reputation |
||
exception_trustworthy bool |
Intercept when reputation score is less than or equal to 100 |
||
exception_low_risk bool |
Intercept when reputation score is less than or equal to 80 |
||
exception_moderate_risk bool |
Intercept when reputation score is less than or equal to 60 |
||
exception_suspicious bool |
Intercept when reputation score is less than or equal to 40 |
||
exception_malicious bool |
Intercept when reputation score is less than or equal to 20 |
||
exception_threshold int |
Intercept when reputation score is less than or equal to a customized value (1-100) |
||
web_category dict |
Field web_category |
||
uncategorized bool |
Uncategorized URLs |
||
real_estate bool |
Category Real Estate |
||
computer_and_internet_security bool |
Category Computer and Internet Security |
||
financial_services bool |
Category Financial Services |
||
business_and_economy bool |
Category Business and Economy |
||
computer_and_internet_info bool |
Category Computer and Internet Info |
||
auctions bool |
Category Auctions |
||
shopping bool |
Category Shopping |
||
cult_and_occult bool |
Category Cult and Occult |
||
travel bool |
Category Travel |
||
drugs bool |
Category Abused Drugs |
||
adult_and_pornography bool |
Category Adult and Pornography |
||
home_and_garden bool |
Category Home and Garden |
||
military bool |
Category Military |
||
social_network bool |
Category Social Network |
||
dead_sites bool |
Category Dead Sites (db Ops only) |
||
stock_advice_and_tools bool |
Category Stock Advice and Tools |
||
training_and_tools bool |
Category Training and Tools |
||
dating bool |
Category Dating |
||
sex_education bool |
Category Sex Education |
||
religion bool |
Category Religion |
||
entertainment_and_arts bool |
Category Entertainment and Arts |
||
personal_sites_and_blogs bool |
Category Personal sites and Blogs |
||
legal bool |
Category Legal |
||
local_information bool |
Category Local Information |
||
streaming_media bool |
Category Streaming Media |
||
job_search bool |
Category Job Search |
||
gambling bool |
Category Gambling |
||
translation bool |
Category Translation |
||
reference_and_research bool |
Category Reference and Research |
||
shareware_and_freeware bool |
Category Shareware and Freeware |
||
peer_to_peer bool |
Category Peer to Peer |
||
marijuana bool |
Category Marijuana |
||
hacking bool |
Category Hacking |
||
games bool |
Category Games |
||
philosophy_and_politics bool |
Category Philosophy and Political Advocacy |
||
weapons bool |
Category Weapons |
||
pay_to_surf bool |
Category Pay to Surf |
||
hunting_and_fishing bool |
Category Hunting and Fishing |
||
society bool |
Category Society |
||
educational_institutions bool |
Category Educational Institutions |
||
online_greeting_cards bool |
Category Online Greeting cards |
||
sports bool |
Category Sports |
||
swimsuits_and_intimate_apparel bool |
Category Swimsuits and Intimate Apparel |
||
questionable bool |
Category Questionable |
||
kids bool |
Category Kids |
||
hate_and_racism bool |
Category Hate and Racism |
||
personal_storage bool |
Category Personal Storage |
||
violence bool |
Category Violence |
||
keyloggers_and_monitoring bool |
Category Keyloggers and Monitoring |
||
search_engines bool |
Category Search Engines |
||
internet_portals bool |
Category Internet Portals |
||
web_advertisements bool |
Category Web Advertisements |
||
cheating bool |
Category Cheating |
||
gross bool |
Category Gross |
||
web_based_email bool |
Category Web based email |
||
malware_sites bool |
Category Malware Sites |
||
phishing_and_other_fraud bool |
Category Phishing and Other Frauds |
||
proxy_avoid_and_anonymizers bool |
Category Proxy Avoid and Anonymizers |
||
spyware_and_adware bool |
Category Spyware and Adware |
||
music bool |
Category Music |
||
government bool |
Category Government |
||
nudity bool |
Category Nudity |
||
news_and_media bool |
Category News and Media |
||
illegal bool |
Category Illegal |
||
cdns bool |
Category CDNs |
||
internet_communications bool |
Category Internet Communications |
||
bot_nets bool |
Category Bot Nets |
||
abortion bool |
Category Abortion |
||
health_and_medicine bool |
Category Health and Medicine |
||
confirmed_spam_sources bool |
Category Confirmed SPAM Sources |
||
spam_urls bool |
Category SPAM URLs |
||
unconfirmed_spam_sources bool |
Category Unconfirmed SPAM Sources |
||
open_http_proxies bool |
Category Open HTTP Proxies |
||
dynamic_comment bool |
Category Dynamic Comment |
||
parked_domains bool |
Category Parked Domains |
||
alcohol_and_tobacco bool |
Category Alcohol and Tobacco |
||
private_ip_addresses bool |
Category Private IP Addresses |
||
image_and_video_search bool |
Category Image and Video Search |
||
fashion_and_beauty bool |
Category Fashion and Beauty |
||
recreation_and_hobbies bool |
Category Recreation and Hobbies |
||
motor_vehicles bool |
Category Motor Vehicles |
||
web_hosting_sites bool |
Category Web Hosting Sites |
||
food_and_dining bool |
Category Food and Dining |
||
nudity_artistic bool |
Category Nudity join Entertainment and Arts |
||
illegal_pornography bool |
Category Illegal join Adult and Pornography |
||
exception_web_category dict |
Field exception_web_category |
||
exception_uncategorized bool |
Uncategorized URLs |
||
exception_real_estate bool |
Category Real Estate |
||
exception_computer_and_internet_security bool |
Category Computer and Internet Security |
||
exception_financial_services bool |
Category Financial Services |
||
exception_business_and_economy bool |
Category Business and Economy |
||
exception_computer_and_internet_info bool |
Category Computer and Internet Info |
||
exception_auctions bool |
Category Auctions |
||
exception_shopping bool |
Category Shopping |
||
exception_cult_and_occult bool |
Category Cult and Occult |
||
exception_travel bool |
Category Travel |
||
exception_drugs bool |
Category Abused Drugs |
||
exception_adult_and_pornography bool |
Category Adult and Pornography |
||
exception_home_and_garden bool |
Category Home and Garden |
||
exception_military bool |
Category Military |
||
exception_social_network bool |
Category Social Network |
||
exception_dead_sites bool |
Category Dead Sites (db Ops only) |
||
exception_stock_advice_and_tools bool |
Category Stock Advice and Tools |
||
exception_training_and_tools bool |
Category Training and Tools |
||
exception_dating bool |
Category Dating |
||
exception_sex_education bool |
Category Sex Education |
||
exception_religion bool |
Category Religion |
||
exception_entertainment_and_arts bool |
Category Entertainment and Arts |
||
exception_personal_sites_and_blogs bool |
Category Personal sites and Blogs |
||
exception_legal bool |
Category Legal |
||
exception_local_information bool |
Category Local Information |
||
exception_streaming_media bool |
Category Streaming Media |
||
exception_job_search bool |
Category Job Search |
||
exception_gambling bool |
Category Gambling |
||
exception_translation bool |
Category Translation |
||
exception_reference_and_research bool |
Category Reference and Research |
||
exception_shareware_and_freeware bool |
Category Shareware and Freeware |
||
exception_peer_to_peer bool |
Category Peer to Peer |
||
exception_marijuana bool |
Category Marijuana |
||
exception_hacking bool |
Category Hacking |
||
exception_games bool |
Category Games |
||
exception_philosophy_and_politics bool |
Category Philosophy and Political Advocacy |
||
exception_weapons bool |
Category Weapons |
||
exception_pay_to_surf bool |
Category Pay to Surf |
||
exception_hunting_and_fishing bool |
Category Hunting and Fishing |
||
exception_society bool |
Category Society |
||
exception_educational_institutions bool |
Category Educational Institutions |
||
exception_online_greeting_cards bool |
Category Online Greeting cards |
||
exception_sports bool |
Category Sports |
||
exception_swimsuits_and_intimate_apparel bool |
Category Swimsuits and Intimate Apparel |
||
exception_questionable bool |
Category Questionable |
||
exception_kids bool |
Category Kids |
||
exception_hate_and_racism bool |
Category Hate and Racism |
||
exception_personal_storage bool |
Category Personal Storage |
||
exception_violence bool |
Category Violence |
||
exception_keyloggers_and_monitoring bool |
Category Keyloggers and Monitoring |
||
exception_search_engines bool |
Category Search Engines |
||
exception_internet_portals bool |
Category Internet Portals |
||
exception_web_advertisements bool |
Category Web Advertisements |
||
exception_cheating bool |
Category Cheating |
||
exception_gross bool |
Category Gross |
||
exception_web_based_email bool |
Category Web based email |
||
exception_malware_sites bool |
Category Malware Sites |
||
exception_phishing_and_other_fraud bool |
Category Phishing and Other Frauds |
||
exception_proxy_avoid_and_anonymizers bool |
Category Proxy Avoid and Anonymizers |
||
exception_spyware_and_adware bool |
Category Spyware and Adware |
||
exception_music bool |
Category Music |
||
exception_government bool |
Category Government |
||
exception_nudity bool |
Category Nudity |
||
exception_news_and_media bool |
Category News and Media |
||
exception_illegal bool |
Category Illegal |
||
exception_cdns bool |
Category CDNs |
||
exception_internet_communications bool |
Category Internet Communications |
||
exception_bot_nets bool |
Category Bot Nets |
||
exception_abortion bool |
Category Abortion |
||
exception_health_and_medicine bool |
Category Health and Medicine |
||
exception_confirmed_spam_sources bool |
Category Confirmed SPAM Sources |
||
exception_spam_urls bool |
Category SPAM URLs |
||
exception_unconfirmed_spam_sources bool |
Category Unconfirmed SPAM Sources |
||
exception_open_http_proxies bool |
Category Open HTTP Proxies |
||
exception_dynamic_comment bool |
Category Dynamic Comment |
||
exception_parked_domains bool |
Category Parked Domains |
||
exception_alcohol_and_tobacco bool |
Category Alcohol and Tobacco |
||
exception_private_ip_addresses bool |
Category Private IP Addresses |
||
exception_image_and_video_search bool |
Category Image and Video Search |
||
exception_fashion_and_beauty bool |
Category Fashion and Beauty |
||
exception_recreation_and_hobbies bool |
Category Recreation and Hobbies |
||
exception_motor_vehicles bool |
Category Motor Vehicles |
||
exception_web_hosting_sites bool |
Category Web Hosting Sites |
||
exception_food_and_dining bool |
Category Food and Dining |
||
exception_nudity_artistic bool |
Category Nudity join Entertainment and Arts |
||
exception_illegal_pornography bool |
Category Illegal join Adult and Pornography |
||
require_web_category bool |
Wait for web category to be resolved before taking bypass decision |
||
forward_proxy_require_sni_cert_matched str |
‘no-match-action-inspect’= Inspected if not matched; ‘no-match-action-drop’= Dropped if not matched; |
||
template_cipher str |
Cipher Template Name |
||
shared_partition_cipher_template bool |
Reference a cipher template from shared partition |
||
template_cipher_shared str |
Cipher Template Name |
||
template_hsm str |
HSM Template (HSM Template Name) |
||
hsm_type str |
‘thales-embed’= Thales embed key; ‘thales-hwcrhk’= Thales hwcrhk Key; |
||
cipher_without_prio_list list |
Field cipher_without_prio_list |
||
cipher_wo_prio str |
‘SSL3_RSA_DES_192_CBC3_SHA’= SSL3_RSA_DES_192_CBC3_SHA; ‘SSL3_RSA_RC4_128_MD5’= SSL3_RSA_RC4_128_MD5; ‘SSL3_RSA_RC4_128_SHA’= SSL3_RSA_RC4_128_SHA; ‘TLS1_RSA_AES_128_SHA’= TLS1_RSA_AES_128_SHA; ‘TLS1_RSA_AES_256_SHA’= TLS1_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_SHA256’= TLS1_RSA_AES_128_SHA256; ‘TLS1_RSA_AES_256_SHA256’= TLS1_RSA_AES_256_SHA256; ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’= TLS1_DHE_RSA_AES_128_GCM_SHA256; ‘TLS1_DHE_RSA_AES_128_SHA’= TLS1_DHE_RSA_AES_128_SHA; ‘TLS1_DHE_RSA_AES_128_SHA256’= TLS1_DHE_RSA_AES_128_SHA256; ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’= TLS1_DHE_RSA_AES_256_GCM_SHA384; ‘TLS1_DHE_RSA_AES_256_SHA’= TLS1_DHE_RSA_AES_256_SHA; ‘TLS1_DHE_RSA_AES_256_SHA256’= TLS1_DHE_RSA_AES_256_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’= TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_SHA’= TLS1_ECDHE_ECDSA_AES_128_SHA; ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’= TLS1_ECDHE_ECDSA_AES_128_SHA256; ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’= TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA’= TLS1_ECDHE_ECDSA_AES_256_SHA; ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’= TLS1_ECDHE_RSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_RSA_AES_128_SHA’= TLS1_ECDHE_RSA_AES_128_SHA; ‘TLS1_ECDHE_RSA_AES_128_SHA256’= TLS1_ECDHE_RSA_AES_128_SHA256; ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’= TLS1_ECDHE_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA’= TLS1_ECDHE_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_GCM_SHA256’= TLS1_RSA_AES_128_GCM_SHA256; ‘TLS1_RSA_AES_256_GCM_SHA384’= TLS1_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA384’= TLS1_ECDHE_RSA_AES_256_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA384’= TLS1_ECDHE_ECDSA_AES_256_SHA384; ‘TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256’= TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256; ‘TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256’= TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256; ‘TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256’= TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256; |
||
server_name_list list |
Field server_name_list |
||
server_name str |
Server name indication in Client hello extension (Server name String) |
||
server_cert str |
Server Certificate associated to SNI (Server Certificate Name) |
||
server_chain str |
Server Certificate Chain associated to SNI (Server Certificate Chain Name) |
||
server_key str |
Server Private Key associated to SNI (Server Private Key Name) |
||
server_passphrase str |
Password Phrase |
||
server_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
server_name_alternate bool |
Specify the second certificate |
||
server_shared bool |
Server Name Partition Shared |
||
sni_template bool |
Template associated to SNI |
||
sni_template_client_ssl str |
Client SSL Template Name |
||
sni_shared_partition_client_ssl_template bool |
Reference a Client SSL template from shared partition |
||
sni_template_client_ssl_shared_name str |
Client SSL Template Name |
||
server_name_regex str |
Server name indication in Client hello extension with regular expression (Server name String with regex) |
||
server_cert_regex str |
Server Certificate associated to SNI regex (Server Certificate Name) |
||
server_chain_regex str |
Server Certificate Chain associated to SNI regex (Server Certificate Chain Name) |
||
server_key_regex str |
Server Private Key associated to SNI regex (Server Private Key Name) |
||
server_passphrase_regex str |
Password Phrase |
||
server_encrypted_regex str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
server_name_regex_alternate bool |
Specify the second certificate |
||
server_shared_regex bool |
Server Name Partition Shared |
||
sni_regex_template bool |
Template associated to SNI regex |
||
sni_regex_template_client_ssl str |
Client SSL Template Name |
||
sni_regex_shared_partition_client_ssl_template bool |
Reference a Client SSL template from shared partition |
||
sni_regex_template_client_ssl_shared_name str |
Client SSL Template Name |
||
server_name_auto_map bool |
Enable automatic mapping of server name indication in Client hello extension |
||
sni_enable_log bool |
Enable logging of sni-auto-map failures. Disabled by default |
||
sni_bypass_missing_cert bool |
Bypass when missing cert/key |
||
sni_bypass_expired_cert bool |
Bypass when certificate expired |
||
sni_bypass_explicit_list str |
Bypass when matched explicit bypass list (Specify class list name) |
||
sni_bypass_enable_log bool |
Enable logging when bypass event happens, disabled by default |
||
direct_client_server_auth bool |
Let the backend server do SSL client authentication directly |
||
session_cache_size int |
Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled)) |
||
session_cache_timeout int |
Session Cache Timeout (Timeout value, in seconds. Default value 0 (Session cache timeout disabled)) |
||
session_ticket_disable bool |
Disable client side session ticket support |
||
session_ticket_lifetime int |
Session ticket lifetime in seconds for stateless session resumption (Lifetime value in seconds. Default value 0 (Session ticket lifetime is 7200 seconds)) |
||
ssl_false_start_disable bool |
Disable SSL False Start |
||
disable_sslv3 bool |
Reject Client requests for SSL version 3 |
||
version int |
TLS/SSL version, default is the highest number supported (TLS/SSL version= 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3) |
||
dgversion int |
Lower TLS/SSL version can be downgraded |
||
renegotiation_disable bool |
Disable SSL renegotiation |
||
sslv2_bypass_service_group str |
Service Group for Bypass SSLV2 (Service Group Name) |
||
authorization bool |
Specify LDAP server for client SSL authorization |
||
authen_name str |
Specify authorization LDAP server name |
||
ldap_base_dn_from_cert bool |
Use Subject DN as LDAP search base DN |
||
ldap_search_filter str |
Specify LDAP search filter |
||
auth_sg str |
Specify authorization LDAP service group |
||
auth_sg_dn bool |
Use Subject DN as LDAP search base DN |
||
auth_sg_filter str |
Specify LDAP search filter |
||
auth_username_attribute str |
Specify attribute name of username for client SSL authorization |
||
non_ssl_bypass_service_group str |
Service Group for Bypass non-ssl traffic (Service Group Name) |
||
non_ssl_bypass_l4session bool |
Handle the non-ssl session as L4 for performance optimization |
||
enable_ssli_ftp_alg int |
Enable SSLi FTP over TLS support on the specified port |
||
early_data bool |
Enable TLS 1.3 early data (0-RTT) |
||
no_anti_replay bool |
Disable anti-replay protection for TLS 1.3 early data (0-RTT data) |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
certificate_list list |
Field certificate_list |
||
cert str |
Certificate Name |
||
key str |
Server Private Key (Key Name) |
||
passphrase str |
Password Phrase |
||
key_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
chain_cert str |
Chain Certificate (Chain Certificate Name) |
||
shared bool |
Server Certificate and Key Partition Shared |
||
uuid str |
uuid of the object |
||
oper dict |
Field oper |
||
cert_status_list list |
Field cert_status_list |
||
name str |
Client SSL Template Name |
||
stats dict |
Field stats |
||
real_estate str |
real estate category |
||
computer_and_internet_security str |
computer and internet security category |
||
financial_services str |
financial services category |
||
business_and_economy str |
business and economy category |
||
computer_and_internet_info str |
computer and internet info category |
||
auctions str |
auctions category |
||
shopping str |
shopping category |
||
cult_and_occult str |
cult and occult category |
||
travel str |
travel category |
||
drugs str |
drugs category |
||
adult_and_pornography str |
adult and pornography category |
||
home_and_garden str |
home and garden category |
||
military str |
military category |
||
social_network str |
social network category |
||
dead_sites str |
dead sites category |
||
stock_advice_and_tools str |
stock advice and tools category |
||
training_and_tools str |
training and tools category |
||
dating str |
dating category |
||
sex_education str |
sex education category |
||
religion str |
religion category |
||
entertainment_and_arts str |
entertainment and arts category |
||
personal_sites_and_blogs str |
personal sites and blogs category |
||
legal str |
legal category |
||
local_information str |
local information category |
||
streaming_media str |
streaming media category |
||
job_search str |
job search category |
||
gambling str |
gambling category |
||
translation str |
translation category |
||
reference_and_research str |
reference and research category |
||
shareware_and_freeware str |
shareware and freeware category |
||
peer_to_peer str |
peer to peer category |
||
marijuana str |
marijuana category |
||
hacking str |
hacking category |
||
games str |
games category |
||
philosophy_and_politics str |
philosophy and politics category |
||
weapons str |
weapons category |
||
pay_to_surf str |
pay to surf category |
||
hunting_and_fishing str |
hunting and fishing category |
||
society str |
society category |
||
educational_institutions str |
educational institutions category |
||
online_greeting_cards str |
online greeting cards category |
||
sports str |
sports category |
||
swimsuits_and_intimate_apparel str |
swimsuits and intimate apparel category |
||
questionable str |
questionable category |
||
kids str |
kids category |
||
hate_and_racism str |
hate and racism category |
||
personal_storage str |
personal storage category |
||
violence str |
violence category |
||
keyloggers_and_monitoring str |
keyloggers and monitoring category |
||
search_engines str |
search engines category |
||
internet_portals str |
internet portals category |
||
web_advertisements str |
web advertisements category |
||
cheating str |
cheating category |
||
gross str |
gross category |
||
web_based_email str |
web based email category |
||
malware_sites str |
malware sites category |
||
phishing_and_other_fraud str |
phishing and other fraud category |
||
proxy_avoid_and_anonymizers str |
proxy avoid and anonymizers category |
||
spyware_and_adware str |
spyware and adware category |
||
music str |
music category |
||
government str |
government category |
||
nudity str |
nudity category |
||
news_and_media str |
news and media category |
||
illegal str |
illegal category |
||
CDNs str |
content delivery networks category |
||
internet_communications str |
internet communications category |
||
bot_nets str |
bot nets category |
||
abortion str |
abortion category |
||
health_and_medicine str |
health and medicine category |
||
confirmed_SPAM_sources str |
confirmed SPAM sources category |
||
SPAM_URLs str |
SPAM URLs category |
||
unconfirmed_SPAM_sources str |
unconfirmed SPAM sources category |
||
open_HTTP_proxies str |
open HTTP proxies category |
||
dynamic_comment str |
dynamic comment category |
||
parked_domains str |
parked domains category |
||
alcohol_and_tobacco str |
alcohol and tobacco category |
||
private_IP_addresses str |
private IP addresses category |
||
image_and_video_search str |
image and video search category |
||
fashion_and_beauty str |
fashion and beauty category |
||
recreation_and_hobbies str |
recreation and hobbies category |
||
motor_vehicles str |
motor vehicles category |
||
web_hosting_sites str |
web hosting sites category |
||
food_and_dining str |
food and dining category |
||
nudity_artistic str |
nudity join Entertainment and Arts |
||
illegal_pornography str |
illegal join Adult and Pornography |
||
uncategorised str |
uncategorised |
||
other_category str |
other category |
||
trustworthy str |
Trustworthy level(81-100) |
||
low_risk str |
Low-risk level(61-80) |
||
moderate_risk str |
Moderate-risk level(41-60) |
||
suspicious str |
Suspicious level(21-40) |
||
malicious str |
Malicious level(1-20) |
||
name str |
Client SSL Template Name |
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.