a10_slb_template_client_ssl¶
Parameters¶
Parameters |
Choices/Defaults |
Comment |
|
|---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
name str/required |
Client SSL Template Name |
||
auth_username str |
Specify the Username Field in the Client Certificate(If multi-fields are specificed, prior one has higher priority) |
||
ca_certs list |
Field ca_certs |
||
ca_cert str |
CA Certificate (CA Certificate Name) |
||
ca_shared bool |
CA Certificate Partition Shared |
||
client_ocsp bool |
Specify ocsp authentication server(s) for client certificate verification |
||
client_ocsp_srvr str |
Specify authentication server |
||
client_ocsp_sg str |
Specify service-group (Service group name) |
||
chain_cert str |
Chain Certificate Name |
||
chain_cert_shared_str str |
Chain Certificate Name |
||
cert str |
Certificate Name |
||
cert_shared_str str |
Certificate Name |
||
cert_alternate str |
Specify the second certificate (Certificate Name) |
||
cert_alt_partition_shared bool |
Certificate Partition Shared |
||
dh_type str |
‘1024’= 1024; ‘1024-dsa’= 1024-dsa; ‘2048’= 2048; |
||
ec_list list |
Field ec_list |
||
ec str |
‘secp256r1’= X9_62_prime256v1; ‘secp384r1’= secp384r1; |
||
local_logging bool |
Enable local logging |
||
ocsp_stapling bool |
Config OCSP stapling support |
||
ocspst_ca_cert str |
CA certificate |
||
ocspst_ocsp bool |
Specify OCSP Authentication |
||
ocspst_srvr str |
Specify OCSP authentication server |
||
ocspst_srvr_days int |
Specify update period, in days |
||
ocspst_srvr_hours int |
Specify update period, in hours |
||
ocspst_srvr_minutes int |
Specify update period, in minutes |
||
ocspst_srvr_timeout int |
Specify retry timeout (Default is 30 mins) |
||
ocspst_sg str |
Specify authentication service group |
||
ocspst_sg_days int |
Specify update period, in days |
||
ocspst_sg_hours int |
Specify update period, in hours |
||
ocspst_sg_minutes int |
Specify update period, in minutes |
||
ocspst_sg_timeout int |
Specify retry timeout (Default is 30 mins) |
||
ssli_logging bool |
SSLi logging level, default is error logging only |
||
sslilogging str |
‘disable’= Disable all logging; ‘all’= enable all logging(error, info); |
||
client_certificate str |
‘Ignore’= Don’t request client certificate; ‘Require’= Require client certificate; ‘Request’= Request client certificate; |
||
req_ca_lists list |
Field req_ca_lists |
||
client_certificate_Request_CA str |
Send CA lists in certificate request (CA Certificate Name) |
||
client_cert_req_ca_shared bool |
CA Certificate Partition Shared |
||
close_notify bool |
Send close notification when terminate connection |
||
crl_certs list |
Field crl_certs |
||
crl str |
Certificate Revocation Lists (Certificate Revocation Lists file name) |
||
crl_shared bool |
Certificate Revocation Lists Partition Shared |
||
forward_proxy_ca_cert str |
CA Certificate for forward proxy (SSL forward proxy CA Certificate Name) |
||
fp_ca_shared bool |
CA Certificate Partition Shared |
||
forward_proxy_ca_key str |
CA Private Key for forward proxy (SSL forward proxy CA Key Name) |
||
forward_passphrase str |
Password Phrase |
||
forward_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
fp_ca_key_shared bool |
CA Private Key Partition Shared |
||
forward_proxy_alt_sign bool |
Forward proxy alternate signing cert and key |
||
fp_alt_cert str |
CA Certificate for forward proxy alternate signing (Certificate name) |
||
fp_alt_key str |
CA Private Key for forward proxy alternate signing (Key name) |
||
fp_alt_passphrase str |
Password Phrase |
||
fp_alt_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
fp_alt_shared bool |
Alternate CA Certificate and Private Key Partition Shared |
||
forward_proxy_trusted_ca_lists list |
Field forward_proxy_trusted_ca_lists |
||
forward_proxy_trusted_ca str |
Forward proxy trusted CA file (CA file name) |
||
fp_trusted_ca_shared bool |
Trusted CA Certificate Partition Shared |
||
forward_proxy_decrypted_dscp int |
Apply a DSCP to decrypted and bypassed traffic (DSCP to apply to decrypted traffic) |
||
forward_proxy_decrypted_dscp_bypass int |
DSCP to apply to bypassed traffic |
||
enable_tls_alert_logging bool |
Enable TLS alert logging |
||
alert_type str |
‘fatal’= Log fatal alerts; |
||
forward_proxy_verify_cert_fail_action bool |
Action taken if certificate verification fails, close the connection by default |
||
verify_cert_fail_action str |
‘bypass’= bypass SSLi processing; ‘continue’= continue the connection; ‘drop’= close the connection; ‘block’= block the connection with a warning page; |
||
forward_proxy_cert_revoke_action bool |
Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default |
||
cert_revoke_action str |
‘bypass’= bypass SSLi processing; ‘continue’= continue the connection; ‘drop’= close the connection; ‘block’= block the connection with a warning page; |
||
forward_proxy_no_shared_cipher_action bool |
Action taken if handshake fails due to no shared ciper, close the connection by default |
||
no_shared_cipher_action str |
‘bypass’= bypass SSLi processing; ‘drop’= close the connection; |
||
forward_proxy_cert_unknown_action bool |
Action taken if a certificate revocation status is unknown, bypass SSLi processing by default |
||
cert_unknown_action str |
‘bypass’= bypass SSLi processing; ‘continue’= continue the connection; ‘drop’= close the connection; ‘block’= block the connection with a warning page; |
||
forward_proxy_block_message str |
Message to be included on the block page (Message, enclose in quotes if spaces are present) |
||
cache_persistence_list_name str |
Class List Name |
||
fp_cert_ext_crldp str |
CRL Distribution Point (CRL Distribution Point URI) |
||
fp_cert_ext_aia_ocsp str |
OCSP (Authority Information Access URI) |
||
fp_cert_ext_aia_ca_issuers str |
CA Issuers (Authority Information Access URI) |
||
notbefore bool |
notBefore date |
||
notbeforeday int |
Day |
||
notbeforemonth int |
Month |
||
notbeforeyear int |
Year |
||
notafter bool |
notAfter date |
||
notafterday int |
Day |
||
notaftermonth int |
Month |
||
notafteryear int |
Year |
||
forward_proxy_ssl_version int |
TLS/SSL version, default is TLS1.2 (TLS/SSL version= 31-TLSv1.0, 32-TLSv1.1 and 33-TLSv1.2) |
||
forward_proxy_ocsp_disable bool |
Disable ocsp-stapling for forward proxy |
||
forward_proxy_crl_disable bool |
Disable Certificate Revocation List checking for forward proxy |
||
forward_proxy_cert_cache_timeout int |
Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout) |
||
forward_proxy_cert_cache_limit int |
Certificate cache size limit, default is 524288 (set to 0 for unlimited size) |
||
forward_proxy_cert_expiry bool |
Adjust certificate expiry relative to the time when it is created on the device |
||
expire_hours int |
Certificate lifetime in hours |
||
forward_proxy_enable bool |
Enable SSL forward proxy |
||
handshake_logging_enable bool |
Enable SSL handshake logging |
||
forward_proxy_selfsign_redir bool |
Redirect connections to pages with self signed certs to a warning page |
||
forward_proxy_failsafe_disable bool |
Disable Failsafe for SSL forward proxy |
||
forward_proxy_log_disable bool |
Disable SSL forward proxy logging |
||
fp_cert_fetch_natpool_name str |
Specify NAT pool or pool group |
||
shared_partition_pool bool |
Reference a NAT pool or pool group from shared partition |
||
fp_cert_fetch_natpool_name_shared str |
Specify NAT pool or pool group |
||
fp_cert_fetch_natpool_precedence bool |
Set this NAT pool as higher precedence than other source NAT like configued under template policy |
||
fp_cert_fetch_autonat str |
‘auto’= Configure auto NAT for server certificate fetching; |
||
fp_cert_fetch_autonat_precedence bool |
Set this NAT pool as higher precedence than other source NAT like configued under template policy |
||
forward_proxy_no_sni_action str |
‘intercept’= intercept in no SNI case; ‘bypass’= bypass in no SNI case; ‘reset’= reset in no SNI case; |
||
case_insensitive bool |
Case insensitive forward proxy bypass |
||
class_list_name str |
Class List Name |
||
multi_class_list list |
Field multi_class_list |
||
multi_clist_name str |
Class List Name |
||
user_name_list str |
Forward proxy bypass if user-name matches class-list |
||
ad_group_list str |
Forward proxy bypass if ad-group matches class-list |
||
exception_user_name_list str |
Exceptions to forward proxy bypass if user-name matches class-list |
||
exception_ad_group_list str |
Exceptions to forward proxy bypass if ad-group matches class-list |
||
exception_sni_cl_name str |
Exceptions to forward-proxy-bypass |
||
inspect_list_name str |
Class List Name |
||
inspect_certificate_subject_cl_name str |
Forward proxy Inspect if Certificate Subject matches class-list |
||
inspect_certificate_issuer_cl_name str |
Forward proxy Inspect if Certificate issuer matches class-list |
||
inspect_certificate_san_cl_name str |
Forward proxy Inspect if Certificate Subject Alternative Name matches class- list |
||
contains_list list |
Field contains_list |
||
contains str |
Forward proxy bypass if SNI string contains another string |
||
ends_with_list list |
Field ends_with_list |
||
ends_with str |
Forward proxy bypass if SNI string ends with another string |
||
equals_list list |
Field equals_list |
||
equals str |
Forward proxy bypass if SNI string equals another string |
||
starts_with_list list |
Field starts_with_list |
||
starts_with str |
Forward proxy bypass if SNI string starts with another string |
||
certificate_subject_contains_list list |
Field certificate_subject_contains_list |
||
certificate_subject_contains str |
Forward proxy bypass if Certificate Subject contains another string |
||
bypass_cert_subject_class_list_name str |
Class List Name |
||
bypass_cert_subject_multi_class_list list |
Field bypass_cert_subject_multi_class_list |
||
bypass_cert_subject_multi_class_list_name str |
Class List Name |
||
exception_certificate_subject_cl_name str |
Exceptions to forward-proxy-bypass |
||
certificate_subject_ends_with_list list |
Field certificate_subject_ends_with_list |
||
certificate_subject_ends_with str |
Forward proxy bypass if Certificate Subject ends with another string |
||
certificate_subject_equals_list list |
Field certificate_subject_equals_list |
||
certificate_subject_equals str |
Forward proxy bypass if Certificate Subject equals another string |
||
certificate_subject_starts_with_list list |
Field certificate_subject_starts_with_list |
||
certificate_subject_starts str |
Forward proxy bypass if Certificate Subject starts with another string |
||
certificate_issuer_contains_list list |
Field certificate_issuer_contains_list |
||
certificate_issuer_contains str |
Forward proxy bypass if Certificate issuer contains another string (Certificate issuer) |
||
bypass_cert_issuer_class_list_name str |
Class List Name |
||
bypass_cert_issuer_multi_class_list list |
Field bypass_cert_issuer_multi_class_list |
||
bypass_cert_issuer_multi_class_list_name str |
Class List Name |
||
exception_certificate_issuer_cl_name str |
Exceptions to forward-proxy-bypass |
||
certificate_issuer_ends_with_list list |
Field certificate_issuer_ends_with_list |
||
certificate_issuer_ends_with str |
Forward proxy bypass if Certificate issuer ends with another string |
||
certificate_issuer_equals_list list |
Field certificate_issuer_equals_list |
||
certificate_issuer_equals str |
Forward proxy bypass if Certificate issuer equals another string |
||
certificate_issuer_starts_with_list list |
Field certificate_issuer_starts_with_list |
||
certificate_issuer_starts str |
Forward proxy bypass if Certificate issuer starts with another string |
||
certificate_san_contains_list list |
Field certificate_san_contains_list |
||
certificate_san_contains str |
Forward proxy bypass if Certificate SAN contains another string |
||
bypass_cert_san_class_list_name str |
Class List Name |
||
bypass_cert_san_multi_class_list list |
Field bypass_cert_san_multi_class_list |
||
bypass_cert_san_multi_class_list_name str |
Class List Name |
||
exception_certificate_san_cl_name str |
Exceptions to forward-proxy-bypass |
||
certificate_san_ends_with_list list |
Field certificate_san_ends_with_list |
||
certificate_san_ends_with str |
Forward proxy bypass if Certificate SAN ends with another string |
||
certificate_san_equals_list list |
Field certificate_san_equals_list |
||
certificate_san_equals str |
Forward proxy bypass if Certificate SAN equals another string |
||
certificate_san_starts_with_list list |
Field certificate_san_starts_with_list |
||
certificate_san_starts str |
Forward proxy bypass if Certificate SAN starts with another string |
||
client_auth_case_insensitive bool |
Case insensitive forward proxy client auth bypass |
||
client_auth_class_list str |
Forward proxy client auth bypass if SNI string matches class-list (Class List Name) |
||
client_auth_contains_list list |
Field client_auth_contains_list |
||
client_auth_contains str |
Forward proxy bypass if SNI string contains another string |
||
client_auth_ends_with_list list |
Field client_auth_ends_with_list |
||
client_auth_ends_with str |
Forward proxy bypass if SNI string ends with another string |
||
client_auth_equals_list list |
Field client_auth_equals_list |
||
client_auth_equals str |
Forward proxy bypass if SNI string equals another string |
||
client_auth_starts_with_list list |
Field client_auth_starts_with_list |
||
client_auth_starts_with str |
Forward proxy bypass if SNI string starts with another string |
||
forward_proxy_cert_not_ready_action str |
‘bypass’= bypass the connection; ‘reset’= reset the connection; ‘intercept’= wait for cert and then inspect the connection; |
||
web_category dict |
Field web_category |
||
uncategorized bool |
Uncategorized URLs |
||
real_estate bool |
Category Real Estate |
||
computer_and_internet_security bool |
Category Computer and Internet Security |
||
financial_services bool |
Category Financial Services |
||
business_and_economy bool |
Category Business and Economy |
||
computer_and_internet_info bool |
Category Computer and Internet Info |
||
auctions bool |
Category Auctions |
||
shopping bool |
Category Shopping |
||
cult_and_occult bool |
Category Cult and Occult |
||
travel bool |
Category Travel |
||
drugs bool |
Category Abused Drugs |
||
adult_and_pornography bool |
Category Adult and Pornography |
||
home_and_garden bool |
Category Home and Garden |
||
military bool |
Category Military |
||
social_network bool |
Category Social Network |
||
dead_sites bool |
Category Dead Sites (db Ops only) |
||
stock_advice_and_tools bool |
Category Stock Advice and Tools |
||
training_and_tools bool |
Category Training and Tools |
||
dating bool |
Category Dating |
||
sex_education bool |
Category Sex Education |
||
religion bool |
Category Religion |
||
entertainment_and_arts bool |
Category Entertainment and Arts |
||
personal_sites_and_blogs bool |
Category Personal sites and Blogs |
||
legal bool |
Category Legal |
||
local_information bool |
Category Local Information |
||
streaming_media bool |
Category Streaming Media |
||
job_search bool |
Category Job Search |
||
gambling bool |
Category Gambling |
||
translation bool |
Category Translation |
||
reference_and_research bool |
Category Reference and Research |
||
shareware_and_freeware bool |
Category Shareware and Freeware |
||
peer_to_peer bool |
Category Peer to Peer |
||
marijuana bool |
Category Marijuana |
||
hacking bool |
Category Hacking |
||
games bool |
Category Games |
||
philosophy_and_politics bool |
Category Philosophy and Political Advocacy |
||
weapons bool |
Category Weapons |
||
pay_to_surf bool |
Category Pay to Surf |
||
hunting_and_fishing bool |
Category Hunting and Fishing |
||
society bool |
Category Society |
||
educational_institutions bool |
Category Educational Institutions |
||
online_greeting_cards bool |
Category Online Greeting cards |
||
sports bool |
Category Sports |
||
swimsuits_and_intimate_apparel bool |
Category Swimsuits and Intimate Apparel |
||
questionable bool |
Category Questionable |
||
kids bool |
Category Kids |
||
hate_and_racism bool |
Category Hate and Racism |
||
personal_storage bool |
Category Personal Storage |
||
violence bool |
Category Violence |
||
keyloggers_and_monitoring bool |
Category Keyloggers and Monitoring |
||
search_engines bool |
Category Search Engines |
||
internet_portals bool |
Category Internet Portals |
||
web_advertisements bool |
Category Web Advertisements |
||
cheating bool |
Category Cheating |
||
gross bool |
Category Gross |
||
web_based_email bool |
Category Web based email |
||
malware_sites bool |
Category Malware Sites |
||
phishing_and_other_fraud bool |
Category Phishing and Other Frauds |
||
proxy_avoid_and_anonymizers bool |
Category Proxy Avoid and Anonymizers |
||
spyware_and_adware bool |
Category Spyware and Adware |
||
music bool |
Category Music |
||
government bool |
Category Government |
||
nudity bool |
Category Nudity |
||
news_and_media bool |
Category News and Media |
||
illegal bool |
Category Illegal |
||
cdns bool |
Category CDNs |
||
internet_communications bool |
Category Internet Communications |
||
bot_nets bool |
Category Bot Nets |
||
abortion bool |
Category Abortion |
||
health_and_medicine bool |
Category Health and Medicine |
||
confirmed_spam_sources bool |
Category Confirmed SPAM Sources |
||
spam_urls bool |
Category SPAM URLs |
||
unconfirmed_spam_sources bool |
Category Unconfirmed SPAM Sources |
||
open_http_proxies bool |
Category Open HTTP Proxies |
||
dynamic_comment bool |
Category Dynamic Comment |
||
parked_domains bool |
Category Parked Domains |
||
alcohol_and_tobacco bool |
Category Alcohol and Tobacco |
||
private_ip_addresses bool |
Category Private IP Addresses |
||
image_and_video_search bool |
Category Image and Video Search |
||
fashion_and_beauty bool |
Category Fashion and Beauty |
||
recreation_and_hobbies bool |
Category Recreation and Hobbies |
||
motor_vehicles bool |
Category Motor Vehicles |
||
web_hosting_sites bool |
Category Web Hosting Sites |
||
food_and_dining bool |
Category Food and Dining |
||
require_web_category bool |
Wait for web category to be resolved before taking bypass decision |
||
forward_proxy_require_sni_cert_matched str |
‘no-match-action-inspect’= Inspected if not matched; ‘no-match-action-drop’= Dropped if not matched; |
||
key str |
Key Name |
||
key_passphrase str |
Password Phrase |
||
key_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
key_shared_str str |
Key Name |
||
key_shared_passphrase str |
Password Phrase |
||
key_shared_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
key_alternate str |
Specify the second private key (Key Name) |
||
key_alt_passphrase str |
Password Phrase |
||
key_alt_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
key_alt_partition_shared bool |
Key Partition Shared |
||
template_cipher str |
Cipher Template Name |
||
shared_partition_cipher_template bool |
Reference a cipher template from shared partition |
||
template_cipher_shared str |
Cipher Template Name |
||
template_hsm str |
HSM Template (HSM Template Name) |
||
hsm_type str |
‘thales-embed’= Thales embed key; ‘thales-hwcrhk’= Thales hwcrhk Key; |
||
cipher_without_prio_list list |
Field cipher_without_prio_list |
||
cipher_wo_prio str |
‘SSL3_RSA_DES_192_CBC3_SHA’= SSL3_RSA_DES_192_CBC3_SHA; ‘SSL3_RSA_RC4_128_MD5’= SSL3_RSA_RC4_128_MD5; ‘SSL3_RSA_RC4_128_SHA’= SSL3_RSA_RC4_128_SHA; ‘TLS1_RSA_AES_128_SHA’= TLS1_RSA_AES_128_SHA; ‘TLS1_RSA_AES_256_SHA’= TLS1_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_SHA256’= TLS1_RSA_AES_128_SHA256; ‘TLS1_RSA_AES_256_SHA256’= TLS1_RSA_AES_256_SHA256; ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’= TLS1_DHE_RSA_AES_128_GCM_SHA256; ‘TLS1_DHE_RSA_AES_128_SHA’= TLS1_DHE_RSA_AES_128_SHA; ‘TLS1_DHE_RSA_AES_128_SHA256’= TLS1_DHE_RSA_AES_128_SHA256; ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’= TLS1_DHE_RSA_AES_256_GCM_SHA384; ‘TLS1_DHE_RSA_AES_256_SHA’= TLS1_DHE_RSA_AES_256_SHA; ‘TLS1_DHE_RSA_AES_256_SHA256’= TLS1_DHE_RSA_AES_256_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’= TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_SHA’= TLS1_ECDHE_ECDSA_AES_128_SHA; ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’= TLS1_ECDHE_ECDSA_AES_128_SHA256; ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’= TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA’= TLS1_ECDHE_ECDSA_AES_256_SHA; ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’= TLS1_ECDHE_RSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_RSA_AES_128_SHA’= TLS1_ECDHE_RSA_AES_128_SHA; ‘TLS1_ECDHE_RSA_AES_128_SHA256’= TLS1_ECDHE_RSA_AES_128_SHA256; ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’= TLS1_ECDHE_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA’= TLS1_ECDHE_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_GCM_SHA256’= TLS1_RSA_AES_128_GCM_SHA256; ‘TLS1_RSA_AES_256_GCM_SHA384’= TLS1_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA384’= TLS1_ECDHE_RSA_AES_256_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA384’= TLS1_ECDHE_ECDSA_AES_256_SHA384; ‘TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256’= TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256; ‘TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256’= TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256; ‘TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256’= TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256; |
||
server_name_list list |
Field server_name_list |
||
server_name str |
Server name indication in Client hello extension (Server name String) |
||
server_cert str |
Server Certificate associated to SNI (Server Certificate Name) |
||
server_chain str |
Server Certificate Chain associated to SNI (Server Certificate Chain Name) |
||
server_key str |
Server Private Key associated to SNI (Server Private Key Name) |
||
server_passphrase str |
help Password Phrase |
||
server_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
server_name_alternate bool |
Specific the second certifcate |
||
server_shared bool |
Server Name Partition Shared |
||
server_name_regex str |
Server name indication in Client hello extension with regular expression (Server name String with regex) |
||
server_cert_regex str |
Server Certificate associated to SNI regex (Server Certificate Name) |
||
server_chain_regex str |
Server Certificate Chain associated to SNI regex (Server Certificate Chain Name) |
||
server_key_regex str |
Server Private Key associated to SNI regex (Server Private Key Name) |
||
server_passphrase_regex str |
help Password Phrase |
||
server_encrypted_regex str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) |
||
server_name_regex_alternate bool |
Specific the second certifcate |
||
server_shared_regex bool |
Server Name Partition Shared |
||
server_name_auto_map bool |
Enable automatic mapping of server name indication in Client hello extension |
||
sni_enable_log bool |
Enable logging of sni-auto-map failures. Disable by default |
||
direct_client_server_auth bool |
Let backend server does SSL client authentication directly |
||
session_cache_size int |
Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled)) |
||
session_cache_timeout int |
Session Cache Timeout (Timeout value, in seconds. Default value 0 (Session cache timeout disabled)) |
||
session_ticket_lifetime int |
Session ticket lifetime in seconds from stateless session resumption (Lifetime value in seconds. Default value 0 (Session ticket lifetime limit disabled)) |
||
ssl_false_start_disable bool |
disable SSL False Start |
||
disable_sslv3 bool |
Reject Client requests for SSL version 3 |
||
version int |
TLS/SSL version, default is the highest number supported (TLS/SSL version= 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1 and 33-TLSv1.2) |
||
dgversion int |
Lower TLS/SSL version can be downgraded |
||
renegotiation_disable bool |
Disable SSL renegotiation |
||
sslv2_bypass_service_group str |
Service Group for Bypass SSLV2 (Service Group Name) |
||
authorization bool |
Specify LDAP server for client SSL authorizaiton |
||
authen_name str |
Specify authorization LDAP server name |
||
ldap_base_dn_from_cert bool |
Use Subject DN as LDAP search base DN |
||
ldap_search_filter str |
Specify LDAP search filter |
||
auth_sg str |
Specify authorization LDAP service group |
||
auth_sg_dn bool |
Use Subject DN as LDAP search base DN |
||
auth_sg_filter str |
Specify LDAP search filter |
||
auth_username_attribute str |
Specify attribute name of username for client SSL authorization |
||
non_ssl_bypass_service_group str |
Service Group for Bypass non-ssl traffic (Service Group Name) |
||
non_ssl_bypass_l4session bool |
Handle the non-ssl session as L4 for performance optimization |
||
enable_ssli_ftp_alg int |
Enable SSLi FTP over TLS support at which port |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
sampling_enable list |
Field sampling_enable |
||
counters1 str |
‘all’= all; ‘real-estate’= real estate category; ‘computer-and-internet- security’= computer and internet security category; ‘financial-services’= financial services category; ‘business-and-economy’= business and economy category; ‘computer-and-internet-info’= computer and internet info category; ‘auctions’= auctions category; ‘shopping’= shopping category; ‘cult-and- occult’= cult and occult category; ‘travel’= travel category; ‘drugs’= drugs category; ‘adult-and-pornography’= adult and pornography category; ‘home-and- garden’= home and garden category; ‘military’= military category; ‘social- network’= social network category; ‘dead-sites’= dead sites category; ‘stock- advice-and-tools’= stock advice and tools category; ‘training-and-tools’= training and tools category; ‘dating’= dating category; ‘sex-education’= sex education category; ‘religion’= religion category; ‘entertainment-and-arts’= entertainment and arts category; ‘personal-sites-and-blogs’= personal sites and blogs category; ‘legal’= legal category; ‘local-information’= local information category; ‘streaming-media’= streaming media category; ‘job-search’= job search category; ‘gambling’= gambling category; ‘translation’= translation category; ‘reference-and-research’= reference and research category; ‘shareware-and- freeware’= shareware and freeware category; ‘peer-to-peer’= peer to peer category; ‘marijuana’= marijuana category; ‘hacking’= hacking category; ‘games’= games category; ‘philosophy-and-politics’= philosophy and politics category; ‘weapons’= weapons category; ‘pay-to-surf’= pay to surf category; ‘hunting-and-fishing’= hunting and fishing category; ‘society’= society category; ‘educational-institutions’= educational institutions category; ‘online-greeting-cards’= online greeting cards category; ‘sports’= sports category; ‘swimsuits-and-intimate-apparel’= swimsuits and intimate apparel category; ‘questionable’= questionable category; ‘kids’= kids category; ‘hate- and-racism’= hate and racism category; ‘personal-storage’= personal storage category; ‘violence’= violence category; ‘keyloggers-and-monitoring’= keyloggers and monitoring category; ‘search-engines’= search engines category; ‘internet-portals’= internet portals category; ‘web-advertisements’= web advertisements category; ‘cheating’= cheating category; ‘gross’= gross category; ‘web-based-email’= web based email category; ‘malware-sites’= malware sites category; ‘phishing-and-other-fraud’= phishing and other fraud category; ‘proxy-avoid-and-anonymizers’= proxy avoid and anonymizers category; ‘spyware- and-adware’= spyware and adware category; ‘music’= music category; ‘government’= government category; ‘nudity’= nudity category; ‘news-and-media’= news and media category; ‘illegal’= illegal category; ‘CDNs’= content delivery networks category; ‘internet-communications’= internet communications category; ‘bot-nets’= bot nets category; ‘abortion’= abortion category; ‘health-and- medicine’= health and medicine category; ‘confirmed-SPAM-sources’= confirmed SPAM sources category; ‘SPAM-URLs’= SPAM URLs category; ‘unconfirmed-SPAM- sources’= unconfirmed SPAM sources category; ‘open-HTTP-proxies’= open HTTP proxies category; ‘dynamic-comment’= dynamic comment category; ‘parked- domains’= parked domains category; ‘alcohol-and-tobacco’= alcohol and tobacco category; ‘private-IP-addresses’= private IP addresses category; ‘image-and- video-search’= image and video search category; ‘fashion-and-beauty’= fashion and beauty category; ‘recreation-and-hobbies’= recreation and hobbies category; ‘motor-vehicles’= motor vehicles category; ‘web-hosting-sites’= web hosting sites category; ‘food-and-dining’= food and dining category; ‘uncategorised’= uncategorised; ‘other-category’= other category; |
||
oper dict |
Field oper |
||
cert_status_list list |
Field cert_status_list |
||
name str |
Client SSL Template Name |
||
stats dict |
Field stats |
||
real_estate str |
real estate category |
||
computer_and_internet_security str |
computer and internet security category |
||
financial_services str |
financial services category |
||
business_and_economy str |
business and economy category |
||
computer_and_internet_info str |
computer and internet info category |
||
auctions str |
auctions category |
||
shopping str |
shopping category |
||
cult_and_occult str |
cult and occult category |
||
travel str |
travel category |
||
drugs str |
drugs category |
||
adult_and_pornography str |
adult and pornography category |
||
home_and_garden str |
home and garden category |
||
military str |
military category |
||
social_network str |
social network category |
||
dead_sites str |
dead sites category |
||
stock_advice_and_tools str |
stock advice and tools category |
||
training_and_tools str |
training and tools category |
||
dating str |
dating category |
||
sex_education str |
sex education category |
||
religion str |
religion category |
||
entertainment_and_arts str |
entertainment and arts category |
||
personal_sites_and_blogs str |
personal sites and blogs category |
||
legal str |
legal category |
||
local_information str |
local information category |
||
streaming_media str |
streaming media category |
||
job_search str |
job search category |
||
gambling str |
gambling category |
||
translation str |
translation category |
||
reference_and_research str |
reference and research category |
||
shareware_and_freeware str |
shareware and freeware category |
||
peer_to_peer str |
peer to peer category |
||
marijuana str |
marijuana category |
||
hacking str |
hacking category |
||
games str |
games category |
||
philosophy_and_politics str |
philosophy and politics category |
||
weapons str |
weapons category |
||
pay_to_surf str |
pay to surf category |
||
hunting_and_fishing str |
hunting and fishing category |
||
society str |
society category |
||
educational_institutions str |
educational institutions category |
||
online_greeting_cards str |
online greeting cards category |
||
sports str |
sports category |
||
swimsuits_and_intimate_apparel str |
swimsuits and intimate apparel category |
||
questionable str |
questionable category |
||
kids str |
kids category |
||
hate_and_racism str |
hate and racism category |
||
personal_storage str |
personal storage category |
||
violence str |
violence category |
||
keyloggers_and_monitoring str |
keyloggers and monitoring category |
||
search_engines str |
search engines category |
||
internet_portals str |
internet portals category |
||
web_advertisements str |
web advertisements category |
||
cheating str |
cheating category |
||
gross str |
gross category |
||
web_based_email str |
web based email category |
||
malware_sites str |
malware sites category |
||
phishing_and_other_fraud str |
phishing and other fraud category |
||
proxy_avoid_and_anonymizers str |
proxy avoid and anonymizers category |
||
spyware_and_adware str |
spyware and adware category |
||
music str |
music category |
||
government str |
government category |
||
nudity str |
nudity category |
||
news_and_media str |
news and media category |
||
illegal str |
illegal category |
||
CDNs str |
content delivery networks category |
||
internet_communications str |
internet communications category |
||
bot_nets str |
bot nets category |
||
abortion str |
abortion category |
||
health_and_medicine str |
health and medicine category |
||
confirmed_SPAM_sources str |
confirmed SPAM sources category |
||
SPAM_URLs str |
SPAM URLs category |
||
unconfirmed_SPAM_sources str |
unconfirmed SPAM sources category |
||
open_HTTP_proxies str |
open HTTP proxies category |
||
dynamic_comment str |
dynamic comment category |
||
parked_domains str |
parked domains category |
||
alcohol_and_tobacco str |
alcohol and tobacco category |
||
private_IP_addresses str |
private IP addresses category |
||
image_and_video_search str |
image and video search category |
||
fashion_and_beauty str |
fashion and beauty category |
||
recreation_and_hobbies str |
recreation and hobbies category |
||
motor_vehicles str |
motor vehicles category |
||
web_hosting_sites str |
web hosting sites category |
||
food_and_dining str |
food and dining category |
||
uncategorised str |
uncategorised |
||
other_category str |
other category |
||
name str |
Client SSL Template Name |
||