slb template client-ssl
Client SSL Template
client-ssl Specification
Parameter | Value
---|---
Type | Collection
Object Key(s) | name
Collection Name |
Collection URI | /axapi/v3/slb/template/client-ssl
Element Name | client-ssl
Element URI | /axapi/v3/slb/template/client-ssl/{name}
Element Attributes | client-ssl_attributes
Partition Visibility | shared
Operational Data URI | /axapi/v3/slb/template/client-ssl/{name}/oper
Schema |
Operations Allowed:
Operation | Method | URI | Payload
---|---|---|---
Create Object | POST | /axapi/v3/slb/template/client-ssl |
Create List | POST | /axapi/v3/slb/template/client-ssl |
Get Object | GET | /axapi/v3/slb/template/client-ssl/{name} |
Get List | GET | /axapi/v3/slb/template/client-ssl |
Modify Object | POST | /axapi/v3/slb/template/client-ssl/{name} |
Replace Object | PUT | /axapi/v3/slb/template/client-ssl/{name} |
Replace List | PUT | /axapi/v3/slb/template/client-ssl |
Delete Object | DELETE | /axapi/v3/slb/template/client-ssl/{name} |
client-ssl-list
client-ssl-list is a JSON list of client-ssl attributes
client-ssl-list : [
]
client-ssl attributes
ad-group-list
Description Forward proxy bypass if ad-group matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
alert-type
Description ‘fatal’: Log fatal alerts;
Type: string
Supported Values: fatal
auth-sg
Description Specify authorization LDAP service group
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: auth-sg and authen-name are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/service-group
auth-sg-dn
Description Use Subject DN as LDAP search base DN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-sg-filter
Description Specify LDAP search filter
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
auth-username
Description Specify the Username Field in the Client Certificate (if multiple fields are specified, the earlier one has higher priority)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
auth-username-attribute
Description Specify attribute name of username for client SSL authorization
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
authen-name
Description Specify authorization LDAP server name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: authen-name and auth-sg are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/server/ldap
authorization
Description Specify LDAP server for client SSL authorization
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
bypass-cert-issuer-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-issuer-class-list-name and bypass-cert-issuer-multi-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
bypass-cert-issuer-multi-class-list
Type: List
bypass-cert-san-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-san-class-list-name and bypass-cert-san-multi-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
bypass-cert-san-multi-class-list
Type: List
bypass-cert-subject-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: bypass-cert-subject-class-list-name and bypass-cert-subject-multi-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
bypass-cert-subject-multi-class-list
Type: List
ca-certs
Type: List
cache-persistence-list-name
Description Class List Name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
case-insensitive
Description Case insensitive forward proxy bypass
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
cert-revoke-action
Description ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection; ‘block’: block the connection with a warning page;
Type: string
Supported Values: bypass, continue, drop, block
Default: bypass
cert-unknown-action
Description ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection; ‘block’: block the connection with a warning page;
Type: string
Supported Values: bypass, continue, drop, block
Default: bypass
certificate-issuer-contains-list
Type: List
certificate-issuer-ends-with-list
Type: List
certificate-issuer-equals-list
Type: List
certificate-issuer-starts-with-list
Type: List
certificate-list
Type: List
Reference Object: /axapi/v3/slb/template/client-ssl/{name}/certificate/{cert}
certificate-san-contains-list
Type: List
certificate-san-ends-with-list
Type: List
certificate-san-equals-list
Type: List
certificate-san-starts-with-list
Type: List
certificate-subject-contains-list
Type: List
certificate-subject-ends-with-list
Type: List
certificate-subject-equals-list
Type: List
certificate-subject-starts-with-list
Type: List
chain-cert
Description Chain Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: chain-cert and chain-cert-shared-str are mutually exclusive
chain-cert-shared-str
Description Chain Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: chain-cert-shared-str and chain-cert are mutually exclusive
cipher-without-prio-list
Type: List
class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: class-list-name and multi-clist-name are mutually exclusive
Reference Object: /axapi/v3/class-list
client-auth-case-insensitive
Description Case insensitive forward proxy client auth bypass
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-auth-class-list
Description Forward proxy client auth bypass if SNI string matches class-list (Class List Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
client-auth-contains-list
Type: List
client-auth-ends-with-list
Type: List
client-auth-equals-list
Type: List
client-auth-starts-with-list
Type: List
client-certificate
Description ‘Ignore’: Don’t request client certificate; ‘Require’: Require client certificate; ‘Request’: Request client certificate;
Type: string
Supported Values: Ignore, Require, Request
Default: Ignore
close-notify
Description Send close notification when terminating the connection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
contains-list
Type: List
crl-certs
Type: List
dgversion
Description Lower TLS/SSL version can be downgraded
Type: number
Range: 30-34
Default: 31
dh-type
Description ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048;
Type: string
Supported Values: 1024, 1024-dsa, 2048
direct-client-server-auth
Description Let the backend server do SSL client authentication directly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-sslv3
Description Reject Client requests for SSL version 3
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
early-data
Description Enable TLS 1.3 early data (0-RTT)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ec-list
Type: List
enable-ssli-ftp-alg
Description Enable SSLi FTP over TLS support at which port
Type: number
Range: 1-65535
enable-tls-alert-logging
Description Enable TLS alert logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ends-with-list
Type: List
equals-list
Type: List
exception-ad-group-list
Description Exceptions to forward proxy bypass if ad-group matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-certificate-issuer-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-certificate-san-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-certificate-subject-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-sni-cl-name
Description Exceptions to forward-proxy-bypass
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-user-name-list
Description Exceptions to forward proxy bypass if user-name matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
exception-web-category
Type: List
exception-web-reputation
Description: exception-web-reputation is a JSON Block. Please see below for exception-web-reputation
Type: Object
expire-hours
Description Certificate lifetime in hours
Type: number
Range: 1-168
forward-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)
Mutual Exclusion: forward-encrypted and fp-ca-certificate are mutually exclusive
forward-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-passphrase and fp-ca-certificate are mutually exclusive
forward-proxy-alt-sign
Description Forward proxy alternate signing cert and key
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-block-message
Description Message to be included on the block page (Message, enclose in quotes if spaces are present)
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Maximum Length: 1 characters
forward-proxy-ca-cert
Description CA Certificate for forward proxy (SSL forward proxy CA Certificate Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-proxy-ca-cert,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive
forward-proxy-ca-key
Description CA Private Key for forward proxy (SSL forward proxy CA Key Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: forward-proxy-ca-key,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive
forward-proxy-cert-cache-limit
Description Certificate cache size limit, default is 524288 (set to 0 for unlimited size)
Type: number
Range: 0-2147483647
Default: 524288
forward-proxy-cert-cache-timeout
Description Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout)
Type: number
Range: 0-2147483647
Default: 3600
forward-proxy-cert-expiry
Description Adjust certificate expiry relative to the time when it is created on the device
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-cert-not-ready-action
Description ‘bypass’: bypass the connection; ‘reset’: reset the connection; ‘intercept’: wait for cert and then inspect the connection;
Type: string
Supported Values: bypass, reset, intercept
Default: bypass
forward-proxy-cert-revoke-action
Description Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
forward-proxy-cert-unknown-action
Description Action taken if a certificate revocation status is unknown, bypass SSLi processing by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
forward-proxy-crl-disable
Description Disable Certificate Revocation List checking for forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-decrypted-dscp
Description Apply a DSCP to decrypted and bypassed traffic (DSCP to apply to decrypted traffic)
Type: number
Range: 1-63
forward-proxy-decrypted-dscp-bypass
Description DSCP to apply to bypassed traffic
Type: number
Range: 1-63
forward-proxy-enable
Description Enable SSL forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-esni-action
Description Action taken if receiving encrypted server name indication extension in client hello MSG, bypass the connection by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-failsafe-disable
Description Disable Failsafe for SSL forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-hash-persistence-interval
Description Set the time interval to save the hash persistence certs (Interval value, in minutes)
Type: number
Range: 1-720
Default: 30
forward-proxy-log-disable
Description Disable SSL forward proxy logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-no-shared-cipher-action
Description Action taken if handshake fails due to no shared cipher, close the connection by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
forward-proxy-no-sni-action
Description ‘intercept’: intercept in no SNI case; ‘bypass’: bypass in no SNI case; ‘reset’: reset in no SNI case;
Type: string
Supported Values: intercept, bypass, reset
Default: intercept
forward-proxy-ocsp-disable
Description Disable ocsp-stapling for forward proxy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-require-sni-cert-matched
Description ‘no-match-action-inspect’: Inspected if not matched; ‘no-match-action-drop’: Dropped if not matched;
Type: string
Supported Values: no-match-action-inspect, no-match-action-drop
forward-proxy-selfsign-redir
Description Redirect connections to pages with self signed certs to a warning page
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-ssl-version
Description TLS/SSL version, default is TLS1.2 (TLS/SSL version: 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)
Type: number
Range: 31-34
Default: 33
forward-proxy-trusted-ca-lists
Type: List
forward-proxy-verify-cert-fail-action
Description Action taken if certificate verification fails, close the connection by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
fp-alt-cert
Description CA Certificate for forward proxy alternate signing (Certificate name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
fp-alt-chain-cert
Description Chain Certificate (Chain Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
fp-alt-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)
fp-alt-key
Description CA Private Key for forward proxy alternate signing (Key name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
fp-alt-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
fp-alt-shared
Description Alternate CA Certificate and Private Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fp-ca-certificate
Description CA Certificate for forward proxy (SSL forward proxy CA Certificate Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-certificate,forward-proxy-ca-cert, fp-ca-shared, forward-proxy-ca-key, forward-passphrase, forward-encrypted, and fp-ca-key-shared are mutually exclusive
fp-ca-certificate-shared
Description CA Private Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fp-ca-certificate-shared, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-chain-cert
Description Chain Certificate (Chain Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-chain-cert, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key
Description CA Private Key for forward proxy (SSL forward proxy CA Key Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-key, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)
Mutual Exclusion: fp-ca-key-encrypted, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-ca-key-passphrase, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive
fp-ca-key-shared
Description CA Private Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fp-ca-key-shared and fp-ca-certificate are mutually exclusive
fp-ca-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: fp-ca-shared and fp-ca-certificate are mutually exclusive
fp-cert-ext-aia-ca-issuers
Description CA Issuers (Authority Information Access URI)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-cert-ext-aia-ca-issuers and fp-cert-ext-aia-ocsp are mutually exclusive
fp-cert-ext-aia-ocsp
Description OCSP (Authority Information Access URI)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-cert-ext-aia-ocsp and fp-cert-ext-aia-ca-issuers are mutually exclusive
fp-cert-ext-crldp
Description CRL Distribution Point (CRL Distribution Point URI)
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
fp-cert-fetch-autonat
Description ‘auto’: Configure auto NAT for server certificate fetching;
Type: string
Supported Values: auto
Mutual Exclusion: fp-cert-fetch-autonat and fp-cert-fetch-natpool-name are mutually exclusive
fp-cert-fetch-autonat-precedence
Description Set this NAT pool as higher precedence than other source NAT like configured under template policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fp-cert-fetch-natpool-name
Description Specify NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: fp-cert-fetch-natpool-name, shared-partition-pool, and fp-cert-fetch-autonat are mutually exclusive
Reference Object: /axapi/v3/ip/nat/pool
fp-cert-fetch-natpool-name-shared
Description Specify NAT pool or pool group
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ip/nat/pool
fp-cert-fetch-natpool-precedence
Description Set this NAT pool as higher precedence than other source NAT like configured under template policy
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fp-esni-action
Description ‘bypass’: bypass SSLi processing; ‘drop’: close the connection;
Type: string
Supported Values: bypass, drop
Default: bypass
handshake-logging-enable
Description Enable SSL handshake logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hsm-type
Description ‘thales-embed’: Thales embed key; ‘thales-hwcrhk’: Thales hwcrhk Key;
Type: string
Supported Values: thales-embed, thales-hwcrhk
inspect-certificate-issuer-cl-name
Description Forward proxy Inspect if Certificate issuer matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
inspect-certificate-san-cl-name
Description Forward proxy Inspect if Certificate Subject Alternative Name matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
inspect-certificate-subject-cl-name
Description Forward proxy Inspect if Certificate Subject matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
inspect-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
ldap-base-dn-from-cert
Description Use Subject DN as LDAP search base DN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ldap-search-filter
Description Specify LDAP search filter
Type: string
Format: string-rlx
Maximum Length: 255 characters
Maximum Length: 1 characters
local-logging
Description Enable local logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multi-class-list
Type: List
name
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
no-anti-replay
Description Disable anti-replay protection for TLS 1.3 early data (0-RTT data)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
no-shared-cipher-action
Description ‘bypass’: bypass SSLi processing; ‘drop’: close the connection;
Type: string
Supported Values: bypass, drop
Default: drop
non-ssl-bypass-l4session
Description Handle the non-ssl session as L4 for performance optimization
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
non-ssl-bypass-service-group
Description Service Group for Bypass non-ssl traffic (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
notafter
Description notAfter date
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
notafterday
Description Day
Type: number
Range: 1-31
notaftermonth
Description Month
Type: number
Range: 1-12
notafteryear
Description Year
Type: number
Range: 2005-2035
notbefore
Description notBefore date
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
notbeforeday
Description Day
Type: number
Range: 1-31
notbeforemonth
Description Month
Type: number
Range: 1-12
notbeforeyear
Description Year
Type: number
Range: 2005-2035
ocsp-stapling
Description Config OCSP stapling support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ocspst-ca-cert
Description CA certificate
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
ocspst-ocsp
Description Specify OCSP Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ocspst-sg
Description Specify authentication service group
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: ocspst-sg and ocspst-srvr are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/service-group
ocspst-sg-days
Description Specify update period, in days
Type: number
Range: 1-31
Mutual Exclusion: ocspst-sg-days, ocspst-sg-hours, and ocspst-sg-minutes are mutually exclusive
ocspst-sg-hours
Description Specify update period, in hours
Type: number
Range: 1-23
Default: 1
Mutual Exclusion: ocspst-sg-hours, ocspst-sg-days, and ocspst-sg-minutes are mutually exclusive
ocspst-sg-minutes
Description Specify update period, in minutes
Type: number
Range: 1-59
Mutual Exclusion: ocspst-sg-minutes, ocspst-sg-days, and ocspst-sg-hours are mutually exclusive
ocspst-sg-timeout
Description Specify retry timeout (Default is 30 mins)
Type: number
Range: 1-44640
Default: 30
ocspst-srvr
Description Specify OCSP authentication server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ocspst-srvr and ocspst-sg are mutually exclusive
Reference Object: /axapi/v3/aam/authentication/server/ocsp
ocspst-srvr-days
Description Specify update period, in days
Type: number
Range: 1-31
Mutual Exclusion: ocspst-srvr-days, ocspst-srvr-hours, and ocspst-srvr-minutes are mutually exclusive
ocspst-srvr-hours
Description Specify update period, in hours
Type: number
Range: 1-23
Default: 1
Mutual Exclusion: ocspst-srvr-hours, ocspst-srvr-days, and ocspst-srvr-minutes are mutually exclusive
ocspst-srvr-minutes
Description Specify update period, in minutes
Type: number
Range: 1-59
Mutual Exclusion: ocspst-srvr-minutes, ocspst-srvr-days, and ocspst-srvr-hours are mutually exclusive
ocspst-srvr-timeout
Description Specify retry timeout (Default is 30 mins)
Type: number
Range: 1-44640
Default: 30
renegotiation-disable
Description Disable SSL renegotiation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
req-ca-lists
Type: List
require-web-category
Description Wait for web category to be resolved before taking bypass decision
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sampling-enable
Type: List
server-name-auto-map
Description Enable automatic mapping of server name indication in Client hello extension
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-name-list
Type: List
session-cache-size
Description Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled))
Type: number
session-cache-timeout
Description Session Cache Timeout (Timeout value, in seconds. Default value 0 (Session cache timeout disabled))
Type: number
Range: 0-604800
Default: 0
session-ticket-disable
Description Disable client side session ticket support
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
session-ticket-lifetime
Description Session ticket lifetime in seconds from stateless session resumption (Lifetime value in seconds. Default value 0 (Session ticket lifetime is 7200 seconds))
Type: number
Range: 0-2147483647
Default: 0
shared-partition-cipher-template
Description Reference a cipher template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-cipher-template, template-cipher, and cipher-wo-prio are mutually exclusive
shared-partition-pool
Description Reference a NAT pool or pool group from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: shared-partition-pool and fp-cert-fetch-natpool-name are mutually exclusive
sni-bypass-enable-log
Description Enable logging when bypass event happens, disabled by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-bypass-expired-cert
Description Bypass when certificate expired
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-bypass-explicit-list
Description Bypass when matched explicit bypass list (Specify class list name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
sni-bypass-missing-cert
Description Bypass when missing cert/key
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-enable-log
Description Enable logging of sni-auto-map failures. Disabled by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssl-false-start-disable
Description Disable SSL False Start
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssli-logging
Description SSLi logging level, default is error logging only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sslilogging
Description ‘disable’: Disable all logging; ‘all’: enable all logging(error, info);
Type: string
Supported Values: disable, all
sslv2-bypass-service-group
Description Service Group for Bypass SSLV2 (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/service-group
starts-with-list
Type: List
template-cipher
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: template-cipher, shared-partition-cipher-template, and cipher-wo-prio are mutually exclusive
Reference Object: /axapi/v3/slb/template/cipher
template-cipher-shared
Description Cipher Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/slb/template/cipher
template-hsm
Description HSM Template (HSM Template Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/hsm/template
user-name-list
Description Forward proxy bypass if user-name matches class-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
verify-cert-fail-action
Description ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection; ‘block’: block the connection with a warning page;
Type: string
Supported Values: bypass, continue, drop, block
Default: drop
version
Description TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)
Type: number
Range: 1-34
web-category
Type: List
web-reputation
Description: web-reputation is a JSON Block. Please see below for web-reputation
Type: Object
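The attribute reference above can be turned into a pre-deployment check. The following is an added example, not A10 code: it validates a template payload against the supported values and mutual exclusions listed here, fills in the documented defaults, and reports settings that let connections proceed uninspected or with legacy protocol parameters. It assumes the payload is wrapped in the element name `client-ssl`, that `dgversion` uses the same 30-34 numbering documented for `version`, and it treats `bypass` and `continue` as fail-open by the example's own policy; the sample payload is constructed.

```python
import json

# Defaults and supported values copied from the attribute reference above.
DEFAULTS = {
    "forward-proxy-enable": 0,
    "cert-revoke-action": "bypass",
    "cert-unknown-action": "bypass",
    "verify-cert-fail-action": "drop",
    "no-shared-cipher-action": "drop",
    "fp-esni-action": "bypass",
    "forward-proxy-no-sni-action": "intercept",
    "forward-proxy-cert-not-ready-action": "bypass",
    "forward-proxy-crl-disable": 0,
    "forward-proxy-log-disable": 0,
    "dgversion": 31,
    "disable-sslv3": 0,
    "early-data": 0,
    "no-anti-replay": 0,
}
CERT_ACTIONS = {"bypass", "continue", "drop", "block"}
SUPPORTED = {
    "cert-revoke-action": CERT_ACTIONS,
    "cert-unknown-action": CERT_ACTIONS,
    "verify-cert-fail-action": CERT_ACTIONS,
    "no-shared-cipher-action": {"bypass", "drop"},
    "fp-esni-action": {"bypass", "drop"},
    "forward-proxy-no-sni-action": {"intercept", "bypass", "reset"},
    "forward-proxy-cert-not-ready-action": {"bypass", "reset", "intercept"},
    "dh-type": {"1024", "1024-dsa", "2048"},
    "client-certificate": {"Ignore", "Require", "Request"},
}
# A subset of the pairs the reference lists as mutually exclusive.
MUTEX = [
    ("auth-sg", "authen-name"),
    ("chain-cert", "chain-cert-shared-str"),
    ("template-cipher", "shared-partition-cipher-template"),
    ("fp-cert-fetch-autonat", "fp-cert-fetch-natpool-name"),
    ("fp-cert-ext-aia-ca-issuers", "fp-cert-ext-aia-ocsp"),
    ("ocspst-sg", "ocspst-srvr"),
]
VERSION_NAMES = {30: "SSLv3.0", 31: "TLSv1.0", 32: "TLSv1.1",
                 33: "TLSv1.2", 34: "TLSv1.3"}
# Example policy (an assumption, not vendor guidance): these actions let the
# connection proceed instead of closing it.
FAIL_OPEN = {"bypass", "continue"}
ACTION_ATTRS = [a for a in SUPPORTED if a.endswith("-action")]


def is_set(value):
    """True when an attribute is present with a non-empty, non-zero value."""
    return value not in (None, "", 0, False)


def audit(payload):
    """Return a sorted list of (attribute, finding) for one template payload."""
    cfg = payload["client-ssl"]      # assumed wrapper: element name as the key
    eff = {**DEFAULTS, **cfg}        # explicit settings override the defaults
    out = []
    for attr, allowed in SUPPORTED.items():
        if attr in cfg and (not isinstance(cfg[attr], str) or cfg[attr] not in allowed):
            out.append((attr, "unsupported value %r" % (cfg[attr],)))
    for a, b in MUTEX:
        if is_set(cfg.get(a)) and is_set(cfg.get(b)):
            out.append((a, "mutually exclusive with " + b))
    if is_set(eff["forward-proxy-enable"]):
        for attr in ACTION_ATTRS:
            if eff[attr] in FAIL_OPEN:
                source = "explicit" if attr in cfg else "default"
                out.append((attr, "fail-open (%s %s)" % (source, eff[attr])))
        if is_set(eff["forward-proxy-crl-disable"]):
            out.append(("forward-proxy-crl-disable", "CRL checking disabled"))
        if is_set(eff["forward-proxy-log-disable"]):
            out.append(("forward-proxy-log-disable", "forward proxy logging disabled"))
    floor = eff["dgversion"]
    if floor == 30 and is_set(eff["disable-sslv3"]):
        floor = 31                   # SSLv3 requests are rejected explicitly
    if floor < 33:
        out.append(("dgversion", "downgrade allowed to "
                    + VERSION_NAMES.get(floor, str(floor))))
    if str(eff.get("dh-type", "")).startswith("1024"):
        out.append(("dh-type", "1024-bit DH parameters"))
    if is_set(eff["early-data"]) and is_set(eff["no-anti-replay"]):
        out.append(("no-anti-replay", "0-RTT early data accepted without anti-replay"))
    return sorted(out)


# Constructed sample payload; every name and value in it is a placeholder.
SAMPLE = json.loads("""
{"client-ssl": {
  "name": "ssli-inside",
  "forward-proxy-enable": 1,
  "forward-proxy-ca-cert": "example-ca",
  "forward-proxy-ca-key": "example-ca-key",
  "verify-cert-fail-action": "continue",
  "cert-revoke-action": "drop",
  "dgversion": 30,
  "dh-type": "1024",
  "early-data": 1,
  "no-anti-replay": 1,
  "template-cipher": "strong",
  "shared-partition-cipher-template": 1
}}
""")

if __name__ == "__main__":
    for attribute, finding in audit(SAMPLE):
        print("%-40s %s" % (attribute, finding))
```

Findings marked `default` come from attributes the payload never mentions, which is why the check merges the documented defaults before evaluating.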
ca-certs
Specification | Value
---|---
Type | list
Block object keys
ca-cert
Description CA Certificate (CA Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
ca-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ocsp
Description Specify ocsp authentication server(s) for client certificate verification
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ocsp-sg
Description Specify service-group (Service group name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/service-group
client-ocsp-srvr
Description Specify authentication server
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/aam/authentication/server/ocsp/instance
ec-list
Specification | Value
---|---
Type | list
Block object keys
ec
Description ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;
Type: string
Supported Values: secp256r1, secp384r1, secp521r1, x25519
req-ca-lists
Specification | Value
---|---
Type | list
Block object keys
client-cert-req-ca-shared
Description CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-certificate-Request-CA
Description Send CA lists in certificate request (CA Certificate Name)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
crl-certs
Specification | Value
---|---
Type | list
Block object keys
crl
Description Certificate Revocation Lists (Certificate Revocation Lists file name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
crl-shared
Description Certificate Revocation Lists Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
forward-proxy-trusted-ca-lists
Specification | Value
---|---
Type | list
Block object keys
forward-proxy-trusted-ca
Description Forward proxy trusted CA file (CA file name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
fp-trusted-ca-shared
Description Trusted CA Certificate Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multi-class-list¶
Specification
Value
Type
list
Block object keys
multi-clist-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
Mutual Exclusion: multi-clist-name and class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
contains-list¶
Specification
Value
Type
list
Block object keys
contains
Description Forward proxy bypass if SNI string contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
ends-with-list¶
Specification
Value
Type
list
Block object keys
ends-with
Description Forward proxy bypass if SNI string ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
equals-list¶
Specification
Value
Type
list
Block object keys
equals
Description Forward proxy bypass if SNI string equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
starts-with-list¶
Specification
Value
Type
list
Block object keys
starts-with
Description Forward proxy bypass if SNI string starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
certificate-subject-contains-list¶
Specification
Value
Type
list
Block object keys
certificate-subject-contains
Description Forward proxy bypass if Certificate Subject contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
bypass-cert-subject-multi-class-list¶
Specification
Value
Type
list
Block object keys
bypass-cert-subject-multi-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
Mutual Exclusion: bypass-cert-subject-multi-class-list-name and bypass-cert-subject-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
certificate-subject-ends-with-list¶
Specification
Value
Type
list
Block object keys
certificate-subject-ends-with
Description Forward proxy bypass if Certificate Subject ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
certificate-subject-equals-list¶
Specification
Value
Type
list
Block object keys
certificate-subject-equals
Description Forward proxy bypass if Certificate Subject equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
certificate-subject-starts-with-list¶
Specification
Value
Type
list
Block object keys
certificate-subject-starts
Description Forward proxy bypass if Certificate Subject starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
certificate-issuer-contains-list¶
Specification
Value
Type
list
Block object keys
certificate-issuer-contains
Description Forward proxy bypass if Certificate issuer contains another string (Certificate issuer)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
bypass-cert-issuer-multi-class-list¶
Specification
Value
Type
list
Block object keys
bypass-cert-issuer-multi-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
Mutual Exclusion: bypass-cert-issuer-multi-class-list-name and bypass-cert-issuer-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
certificate-issuer-ends-with-list¶
Specification
Value
Type
list
Block object keys
certificate-issuer-ends-with
Description Forward proxy bypass if Certificate issuer ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
certificate-issuer-equals-list¶
Specification
Value
Type
list
Block object keys
certificate-issuer-equals
Description Forward proxy bypass if Certificate issuer equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
certificate-issuer-starts-with-list¶
Specification
Value
Type
list
Block object keys
certificate-issuer-starts
Description Forward proxy bypass if Certificate issuer starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
certificate-san-contains-list¶
Specification
Value
Type
list
Block object keys
certificate-san-contains
Description Forward proxy bypass if Certificate SAN contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
bypass-cert-san-multi-class-list¶
Specification
Value
Type
list
Block object keys
bypass-cert-san-multi-class-list-name
Description Class List Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
Mutual Exclusion: bypass-cert-san-multi-class-list-name and bypass-cert-san-class-list-name are mutually exclusive
Reference Object: /axapi/v3/class-list
certificate-san-ends-with-list¶
Specification
Value
Type
list
Block object keys
certificate-san-ends-with
Description Forward proxy bypass if Certificate SAN ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
certificate-san-equals-list¶
Specification
Value
Type
list
Block object keys
certificate-san-equals
Description Forward proxy bypass if Certificate SAN equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
certificate-san-starts-with-list¶
Specification
Value
Type
list
Block object keys
certificate-san-starts
Description Forward proxy bypass if Certificate SAN starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
client-auth-contains-list¶
Specification
Value
Type
list
Block object keys
client-auth-contains
Description Forward proxy bypass if SNI string contains another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
client-auth-ends-with-list¶
Specification
Value
Type
list
Block object keys
client-auth-ends-with
Description Forward proxy bypass if SNI string ends with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
client-auth-equals-list¶
Specification
Value
Type
list
Block object keys
client-auth-equals
Description Forward proxy bypass if SNI string equals another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
client-auth-starts-with-list¶
Specification
Value
Type
list
Block object keys
client-auth-starts-with
Description Forward proxy bypass if SNI string starts with another string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
web-reputation¶
Specification
Value
Type
object
bypass-low-risk
Description Bypass when reputation score is greater than or equal to 61
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-low-risk, bypass-trustworthy, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive
bypass-malicious
Description Bypass when reputation score is greater than or equal to 1
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-malicious, bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-threshold are mutually exclusive
bypass-moderate-risk
Description Bypass when reputation score is greater than or equal to 41
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-moderate-risk, bypass-trustworthy, bypass-low-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive
bypass-suspicious
Description Bypass when reputation score is greater than or equal to 21
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-suspicious, bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-malicious, and bypass-threshold are mutually exclusive
bypass-threshold
Description Bypass when reputation score is greater than or equal to the customized score (1-100)
Type: number
Range: 1-100
Mutual Exclusion: bypass-threshold, bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-malicious are mutually exclusive
bypass-trustworthy
Description Bypass when reputation score is greater than or equal to 81
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive
exception-web-reputation¶
Specification
Value
Type
object
exception-low-risk
Description Intercept when reputation score is less than or equal to 80
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-low-risk, exception-trustworthy, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive
exception-malicious
Description Intercept when reputation score is less than or equal to 20
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-malicious, exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-threshold are mutually exclusive
exception-moderate-risk
Description Intercept when reputation score is less than or equal to 60
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-moderate-risk, exception-trustworthy, exception-low-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive
exception-suspicious
Description Intercept when reputation score is less than or equal to 40
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-suspicious, exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-malicious, and exception-threshold are mutually exclusive
exception-threshold
Description Intercept when reputation score is less than or equal to a customized value (1-100)
Type: number
Range: 1-100
Mutual Exclusion: exception-threshold, exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-malicious are mutually exclusive
exception-trustworthy
Description Intercept when reputation score is less than or equal to 100
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive
web-category¶
Specification
Value
Type
list
Block object keys
bypassed-category
Description ‘uncategorized’: Uncategorized URLs; ‘real-estate’: Category Real Estate; ‘computer-and-internet-security’: Category Computer and Internet Security; ‘financial-services’: Category Financial Services; ‘business-and-economy’: Category Business and Economy; ‘computer-and-internet-info’: Category Computer and Internet Info; ‘auctions’: Category Auctions; ‘shopping’: Category Shopping; ‘cult-and-occult’: Category Cult and Occult; ‘travel’: Category Travel; ‘drugs’: Category Abused Drugs; ‘adult-and-pornography’: Category Adult and Pornography; ‘home-and-garden’: Category Home and Garden; ‘military’: Category Military; ‘social-network’: Category Social Network; ‘dead-sites’: Category Dead Sites (db Ops only); ‘stock-advice-and-tools’: Category Stock Advice and Tools; ‘training-and-tools’: Category Training and Tools; ‘dating’: Category Dating; ‘sex-education’: Category Sex Education; ‘religion’: Category Religion; ‘entertainment-and-arts’: Category Entertainment and Arts; ‘personal-sites-and-blogs’: Category Personal sites and Blogs; ‘legal’: Category Legal; ‘local-information’: Category Local Information; ‘streaming-media’: Category Streaming Media; ‘job-search’: Category Job Search; ‘gambling’: Category Gambling; ‘translation’: Category Translation; ‘reference-and-research’: Category Reference and Research; ‘shareware-and-freeware’: Category Shareware and Freeware; ‘peer-to-peer’: Category Peer to Peer; ‘marijuana’: Category Marijuana; ‘hacking’: Category Hacking; ‘games’: Category Games; ‘philosophy-and-politics’: Category Philosophy and Political Advocacy; ‘weapons’: Category Weapons; ‘pay-to-surf’: Category Pay to Surf; ‘hunting-and-fishing’: Category Hunting and Fishing; ‘society’: Category Society; ‘educational-institutions’: Category Educational Institutions; ‘online-greeting-cards’: Category Online Greeting cards; ‘sports’: Category Sports; ‘swimsuits-and-intimate-apparel’: Category Swimsuits and Intimate Apparel; ‘questionable’: Category 
Questionable; ‘kids’: Category Kids; ‘hate-and-racism’: Category Hate and Racism; ‘personal-storage’: Category Personal Storage; ‘violence’: Category Violence; ‘keyloggers-and-monitoring’: Category Keyloggers and Monitoring; ‘search-engines’: Category Search Engines; ‘internet-portals’: Category Internet Portals; ‘web-advertisements’: Category Web Advertisements; ‘cheating’: Category Cheating; ‘gross’: Category Gross; ‘web-based-email’: Category Web based email; ‘malware-sites’: Category Malware Sites; ‘phishing-and-other-fraud’: Category Phishing and Other Frauds; ‘proxy-avoid-and-anonymizers’: Category Proxy Avoid and Anonymizers; ‘spyware-and-adware’: Category Spyware and Adware; ‘music’: Category Music; ‘government’: Category Government; ‘nudity’: Category Nudity; ‘news-and-media’: Category News and Media; ‘illegal’: Category Illegal; ‘cdns’: Category CDNs; ‘internet-communications’: Category Internet Communications; ‘bot-nets’: Category Bot Nets; ‘abortion’: Category Abortion; ‘health-and-medicine’: Category Health and Medicine; ‘spam-urls’: Category SPAM URLs; ‘dynamically-generated-content’: Category Dynamically Generated Content; ‘parked-domains’: Category Parked Domains; ‘alcohol-and-tobacco’: Category Alcohol and Tobacco; ‘image-and-video-search’: Category Image and Video Search; ‘fashion-and-beauty’: Category Fashion and Beauty; ‘recreation-and-hobbies’: Category Recreation and Hobbies; ‘motor-vehicles’: Category Motor Vehicles; ‘web-hosting-sites’: Category Web Hosting Sites; ‘self-harm’: Category Self Harm; ‘dns-over-https’: Category DNS over HTTPs; ‘low-thc-cannabis-products’: Category Low-THC Cannabis Products; ‘generative-ai’: Category Generative AI; ‘nudity-artistic’: Category Artistic Nudity; ‘illegal-pornography’: Category Illegal Pornography eg. Child Sexual Abuse;
Type: string
Supported Values: uncategorized, real-estate, computer-and-internet-security, financial-services, business-and-economy, computer-and-internet-info, auctions, shopping, cult-and-occult, travel, drugs, adult-and-pornography, home-and-garden, military, social-network, dead-sites, stock-advice-and-tools, training-and-tools, dating, sex-education, religion, entertainment-and-arts, personal-sites-and-blogs, legal, local-information, streaming-media, job-search, gambling, translation, reference-and-research, shareware-and-freeware, peer-to-peer, marijuana, hacking, games, philosophy-and-politics, weapons, pay-to-surf, hunting-and-fishing, society, educational-institutions, online-greeting-cards, sports, swimsuits-and-intimate-apparel, questionable, kids, hate-and-racism, personal-storage, violence, keyloggers-and-monitoring, search-engines, internet-portals, web-advertisements, cheating, gross, web-based-email, malware-sites, phishing-and-other-fraud, proxy-avoid-and-anonymizers, spyware-and-adware, music, government, nudity, news-and-media, illegal, cdns, internet-communications, bot-nets, abortion, health-and-medicine, spam-urls, dynamically-generated-content, parked-domains, alcohol-and-tobacco, image-and-video-search, fashion-and-beauty, recreation-and-hobbies, motor-vehicles, web-hosting-sites, self-harm, dns-over-https, low-thc-cannabis-products, generative-ai, nudity-artistic, illegal-pornography
exception-web-category¶
Specification
Value
Type
list
Block object keys
exception-category
Description ‘uncategorized’: Uncategorized URLs; ‘real-estate’: Category Real Estate; ‘computer-and-internet-security’: Category Computer and Internet Security; ‘financial-services’: Category Financial Services; ‘business-and-economy’: Category Business and Economy; ‘computer-and-internet-info’: Category Computer and Internet Info; ‘auctions’: Category Auctions; ‘shopping’: Category Shopping; ‘cult-and-occult’: Category Cult and Occult; ‘travel’: Category Travel; ‘drugs’: Category Abused Drugs; ‘adult-and-pornography’: Category Adult and Pornography; ‘home-and-garden’: Category Home and Garden; ‘military’: Category Military; ‘social-network’: Category Social Network; ‘dead-sites’: Category Dead Sites (db Ops only); ‘stock-advice-and-tools’: Category Stock Advice and Tools; ‘training-and-tools’: Category Training and Tools; ‘dating’: Category Dating; ‘sex-education’: Category Sex Education; ‘religion’: Category Religion; ‘entertainment-and-arts’: Category Entertainment and Arts; ‘personal-sites-and-blogs’: Category Personal sites and Blogs; ‘legal’: Category Legal; ‘local-information’: Category Local Information; ‘streaming-media’: Category Streaming Media; ‘job-search’: Category Job Search; ‘gambling’: Category Gambling; ‘translation’: Category Translation; ‘reference-and-research’: Category Reference and Research; ‘shareware-and-freeware’: Category Shareware and Freeware; ‘peer-to-peer’: Category Peer to Peer; ‘marijuana’: Category Marijuana; ‘hacking’: Category Hacking; ‘games’: Category Games; ‘philosophy-and-politics’: Category Philosophy and Political Advocacy; ‘weapons’: Category Weapons; ‘pay-to-surf’: Category Pay to Surf; ‘hunting-and-fishing’: Category Hunting and Fishing; ‘society’: Category Society; ‘educational-institutions’: Category Educational Institutions; ‘online-greeting-cards’: Category Online Greeting cards; ‘sports’: Category Sports; ‘swimsuits-and-intimate-apparel’: Category Swimsuits and Intimate Apparel; ‘questionable’: Category 
Questionable; ‘kids’: Category Kids; ‘hate-and-racism’: Category Hate and Racism; ‘personal-storage’: Category Personal Storage; ‘violence’: Category Violence; ‘keyloggers-and-monitoring’: Category Keyloggers and Monitoring; ‘search-engines’: Category Search Engines; ‘internet-portals’: Category Internet Portals; ‘web-advertisements’: Category Web Advertisements; ‘cheating’: Category Cheating; ‘gross’: Category Gross; ‘web-based-email’: Category Web based email; ‘malware-sites’: Category Malware Sites; ‘phishing-and-other-fraud’: Category Phishing and Other Frauds; ‘proxy-avoid-and-anonymizers’: Category Proxy Avoid and Anonymizers; ‘spyware-and-adware’: Category Spyware and Adware; ‘music’: Category Music; ‘government’: Category Government; ‘nudity’: Category Nudity; ‘news-and-media’: Category News and Media; ‘illegal’: Category Illegal; ‘cdns’: Category CDNs; ‘internet-communications’: Category Internet Communications; ‘bot-nets’: Category Bot Nets; ‘abortion’: Category Abortion; ‘health-and-medicine’: Category Health and Medicine; ‘spam-urls’: Category SPAM URLs; ‘dynamically-generated-content’: Category Dynamically Generated Content; ‘parked-domains’: Category Parked Domains; ‘alcohol-and-tobacco’: Category Alcohol and Tobacco; ‘image-and-video-search’: Category Image and Video Search; ‘fashion-and-beauty’: Category Fashion and Beauty; ‘recreation-and-hobbies’: Category Recreation and Hobbies; ‘motor-vehicles’: Category Motor Vehicles; ‘web-hosting-sites’: Category Web Hosting Sites; ‘self-harm’: Category Self Harm; ‘dns-over-https’: Category DNS over HTTPs; ‘low-thc-cannabis-products’: Category Low-THC Cannabis Products; ‘generative-ai’: Category Generative AI; ‘nudity-artistic’: Category Artistic Nudity; ‘illegal-pornography’: Category Illegal Pornography eg. Child Sexual Abuse;
Type: string
Supported Values: uncategorized, real-estate, computer-and-internet-security, financial-services, business-and-economy, computer-and-internet-info, auctions, shopping, cult-and-occult, travel, drugs, adult-and-pornography, home-and-garden, military, social-network, dead-sites, stock-advice-and-tools, training-and-tools, dating, sex-education, religion, entertainment-and-arts, personal-sites-and-blogs, legal, local-information, streaming-media, job-search, gambling, translation, reference-and-research, shareware-and-freeware, peer-to-peer, marijuana, hacking, games, philosophy-and-politics, weapons, pay-to-surf, hunting-and-fishing, society, educational-institutions, online-greeting-cards, sports, swimsuits-and-intimate-apparel, questionable, kids, hate-and-racism, personal-storage, violence, keyloggers-and-monitoring, search-engines, internet-portals, web-advertisements, cheating, gross, web-based-email, malware-sites, phishing-and-other-fraud, proxy-avoid-and-anonymizers, spyware-and-adware, music, government, nudity, news-and-media, illegal, cdns, internet-communications, bot-nets, abortion, health-and-medicine, spam-urls, dynamically-generated-content, parked-domains, alcohol-and-tobacco, image-and-video-search, fashion-and-beauty, recreation-and-hobbies, motor-vehicles, web-hosting-sites, self-harm, dns-over-https, low-thc-cannabis-products, generative-ai, nudity-artistic, illegal-pornography
cipher-without-prio-list¶
Specification
Value
Type
list
Block object keys
cipher-wo-prio
Description ‘SSL3_RSA_DES_192_CBC3_SHA’: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); ‘SSL3_RSA_RC4_128_MD5’: TLS_RSA_WITH_RC4_128_MD5 (0x0004); ‘SSL3_RSA_RC4_128_SHA’: TLS_RSA_WITH_RC4_128_SHA (0x0005); ‘TLS1_RSA_AES_128_SHA’: TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); ‘TLS1_RSA_AES_256_SHA’: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); ‘TLS1_RSA_AES_128_SHA256’: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); ‘TLS1_RSA_AES_256_SHA256’: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); ‘TLS1_DHE_RSA_AES_128_SHA’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); ‘TLS1_DHE_RSA_AES_256_SHA’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); ‘TLS1_ECDHE_RSA_AES_256_SHA384’: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); 
‘TLS1_ECDHE_ECDSA_AES_256_SHA384’: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); ‘TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); ‘TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256’: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); ‘TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256’: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA);
Type: string
Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256
Mutual Exclusion: cipher-wo-prio, template-cipher, and shared-partition-cipher-template are mutually exclusive
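An added example, not part of the A10 reference: a Python audit of a client-ssl payload's cipher-without-prio-list that rejects names outside the supported values, classifies each suite's weaknesses from the IANA names given in the description above, and reports a violation of the mutual exclusion rule. The payload shape (a top-level client-ssl object, template-cipher carrying a string) and all sample values are assumptions constructed for illustration.

```python
import json

# Supported cipher-wo-prio values, copied from the list above.
SUPPORTED = set("""
SSL3_RSA_DES_192_CBC3_SHA SSL3_RSA_RC4_128_MD5 SSL3_RSA_RC4_128_SHA
TLS1_RSA_AES_128_SHA TLS1_RSA_AES_256_SHA TLS1_RSA_AES_128_SHA256
TLS1_RSA_AES_256_SHA256 TLS1_DHE_RSA_AES_128_GCM_SHA256
TLS1_DHE_RSA_AES_128_SHA TLS1_DHE_RSA_AES_128_SHA256
TLS1_DHE_RSA_AES_256_GCM_SHA384 TLS1_DHE_RSA_AES_256_SHA
TLS1_DHE_RSA_AES_256_SHA256 TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256
TLS1_ECDHE_ECDSA_AES_128_SHA TLS1_ECDHE_ECDSA_AES_128_SHA256
TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384 TLS1_ECDHE_ECDSA_AES_256_SHA
TLS1_ECDHE_RSA_AES_128_GCM_SHA256 TLS1_ECDHE_RSA_AES_128_SHA
TLS1_ECDHE_RSA_AES_128_SHA256 TLS1_ECDHE_RSA_AES_256_GCM_SHA384
TLS1_ECDHE_RSA_AES_256_SHA TLS1_RSA_AES_128_GCM_SHA256
TLS1_RSA_AES_256_GCM_SHA384 TLS1_ECDHE_RSA_AES_256_SHA384
TLS1_ECDHE_ECDSA_AES_256_SHA384 TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256
TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256 TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256
""".split())


def classify(name):
    """Return the weaknesses implied by one supported cipher-wo-prio name.

    The second token of every supported name is the key exchange
    (RSA, DHE or ECDHE). Per the IANA mapping in the description, a name
    without GCM or CHACHA20 (and without RC4) is a CBC-mode suite.
    """
    tok = name.split("_")
    issues = []
    if "RC4" in tok:
        issues.append("RC4 stream cipher")
    if "DES" in tok:
        issues.append("3DES, 64-bit block cipher")
    if "MD5" in tok:
        issues.append("MD5-based MAC")
    if tok[1] == "RSA":
        issues.append("static RSA key exchange, no forward secrecy")
    if "RC4" not in tok and "GCM" not in tok and "CHACHA20" not in tok:
        issues.append("CBC mode, not AEAD")
    return issues


def audit_template(payload):
    """Audit the cipher settings of one client-ssl template payload."""
    tpl = payload["client-ssl"]  # assumed wrapper key (the Element Name)
    report = {"unknown": [], "weak": {}, "conflicts": []}
    names = [e["cipher-wo-prio"]
             for e in tpl.get("cipher-without-prio-list", [])]
    for name in names:
        if name not in SUPPORTED:
            report["unknown"].append(name)  # would be rejected by the schema
            continue
        issues = classify(name)
        if issues:
            report["weak"][name] = issues
    # cipher-wo-prio, template-cipher and shared-partition-cipher-template
    # are mutually exclusive: at most one cipher source may be configured.
    sources = ["cipher-wo-prio"] if names else []
    for key in ("template-cipher", "shared-partition-cipher-template"):
        if tpl.get(key):
            sources.append(key)
    if len(sources) > 1:
        report["conflicts"] = sources
    return report


# Constructed sample payload (not taken from a real device).
SAMPLE = json.loads("""
{"client-ssl": {
  "name": "example-tpl",
  "template-cipher": "example-cipher-tpl",
  "cipher-without-prio-list": [
    {"cipher-wo-prio": "SSL3_RSA_RC4_128_MD5"},
    {"cipher-wo-prio": "TLS1_RSA_AES_128_SHA"},
    {"cipher-wo-prio": "TLS1_ECDHE_RSA_AES_256_GCM_SHA384"},
    {"cipher-wo-prio": "TLS1_ECDHE_RSA_AES_128_SHA256"},
    {"cipher-wo-prio": "TLS1_ECDHE_RSA_AES_128_GCM"}
  ]}}
""")

if __name__ == "__main__":
    print(json.dumps(audit_template(SAMPLE), indent=2))
```

Suites that come back with an empty issue list are the ECDHE or DHE suites with GCM or ChaCha20-Poly1305; everything else on the supported list carries at least one finding.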
server-name-list¶
Specification
Value
Type
list
Block object keys
server-cert
Description Server Certificate associated to SNI (Server Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Minimum Length: 1 character
server-cert-regex
Description Server Certificate associated to SNI regex (Server Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Minimum Length: 1 character
server-chain
Description Server Certificate Chain associated to SNI (Server Certificate Chain Name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Minimum Length: 1 character
server-chain-regex
Description Server Certificate Chain associated to SNI regex (Server Certificate Chain Name)
Type: string
Format: string-rlx
Maximum Length: 128 characters
Minimum Length: 1 character
server-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)
server-encrypted-regex
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)
server-key
Description Server Private Key associated to SNI (Server Private Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Minimum Length: 1 character
server-key-regex
Description Server Private Key associated to SNI regex (Server Private Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Minimum Length: 1 character
server-name
Description Server name indication in Client hello extension (Server name String)
Type: string
Maximum Length: 63 characters
Minimum Length: 1 character
server-name-alternate
Description Specify the second certificate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-name-regex
Description Server name indication in Client hello extension with regular expression (Server name String with regex)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
server-name-regex-alternate
Description Specify the second certificate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 128 characters
Minimum Length: 1 character
server-passphrase-regex
Description Password Phrase
Type: string
Format: password
Maximum Length: 128 characters
Minimum Length: 1 character
server-shared
Description Server Name Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-shared-regex
Description Server Name Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-regex-shared-partition-client-ssl-template
Description Reference a Client SSL template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-regex-template
Description Template associated to SNI regex
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-regex-template-client-ssl
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
Reference Object: /axapi/v3/slb/template/client-ssl
sni-regex-template-client-ssl-shared-name
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
Reference Object: /axapi/v3/slb/template/client-ssl
sni-shared-partition-client-ssl-template
Description Reference a Client SSL template from shared partition
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-template
Description Template associated to SNI
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sni-template-client-ssl
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
Reference Object: /axapi/v3/slb/template/client-ssl
sni-template-client-ssl-shared-name
Description Client SSL Template Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
Reference Object: /axapi/v3/slb/template/client-ssl
sampling-enable¶
Specification
Value
Type
list
Block object keys
counters1
Description ‘all’: all; ‘real-estate’: real estate category; ‘computer-and-internet-security’: computer and internet security category; ‘financial-services’: financial services category; ‘business-and-economy’: business and economy category; ‘computer-and-internet-info’: computer and internet info category; ‘auctions’: auctions category; ‘shopping’: shopping category; ‘cult-and-occult’: cult and occult category; ‘travel’: travel category; ‘drugs’: drugs category; ‘adult-and-pornography’: adult and pornography category; ‘home-and-garden’: home and garden category; ‘military’: military category; ‘social-network’: social network category; ‘dead-sites’: dead sites category; ‘stock-advice-and-tools’: stock advice and tools category; ‘training-and-tools’: training and tools category; ‘dating’: dating category; ‘sex-education’: sex education category; ‘religion’: religion category; ‘entertainment-and-arts’: entertainment and arts category; ‘personal-sites-and-blogs’: personal sites and blogs category; ‘legal’: legal category; ‘local-information’: local information category; ‘streaming-media’: streaming media category; ‘job-search’: job search category; ‘gambling’: gambling category; ‘translation’: translation category; ‘reference-and-research’: reference and research category; ‘shareware-and-freeware’: shareware and freeware category; ‘peer-to-peer’: peer to peer category; ‘marijuana’: marijuana category; ‘hacking’: hacking category; ‘games’: games category; ‘philosophy-and-politics’: philosophy and politics category; ‘weapons’: weapons category; ‘pay-to-surf’: pay to surf category; ‘hunting-and-fishing’: hunting and fishing category; ‘society’: society category; ‘educational-institutions’: educational institutions category; ‘online-greeting-cards’: online greeting cards category; ‘sports’: sports category; ‘swimsuits-and-intimate-apparel’: swimsuits and intimate apparel category; ‘questionable’: questionable category; ‘kids’: kids category; ‘hate-and-racism’: hate and 
racism category; ‘personal-storage’: personal storage category; ‘violence’: violence category; ‘keyloggers-and-monitoring’: keyloggers and monitoring category; ‘search-engines’: search engines category; ‘internet-portals’: internet portals category; ‘web-advertisements’: web advertisements category; ‘cheating’: cheating category; ‘gross’: gross category; ‘web-based-email’: web based email category; ‘malware-sites’: malware sites category; ‘phishing-and-other-fraud’: phishing and other fraud category; ‘proxy-avoid-and-anonymizers’: proxy avoid and anonymizers category; ‘spyware-and-adware’: spyware and adware category; ‘music’: music category; ‘government’: government category; ‘nudity’: nudity category; ‘news-and-media’: news and media category; ‘illegal’: illegal category; ‘CDNs’: content delivery networks category; ‘internet-communications’: internet communications category; ‘bot-nets’: bot nets category; ‘abortion’: abortion category; ‘health-and-medicine’: health and medicine category; ‘confirmed-SPAM-sources’: confirmed SPAM sources category; ‘SPAM-URLs’: SPAM URLs category; ‘unconfirmed-SPAM-sources’: unconfirmed SPAM sources category; ‘open-HTTP-proxies’: open HTTP proxies category; ‘dynamically-generated-content’: dynamically generated content category; ‘parked-domains’: parked domains category; ‘alcohol-and-tobacco’: alcohol and tobacco category; ‘private-IP-addresses’: private IP addresses category; ‘image-and-video-search’: image and video search category; ‘fashion-and-beauty’: fashion and beauty category; ‘recreation-and-hobbies’: recreation and hobbies category; ‘motor-vehicles’: motor vehicles category; ‘web-hosting-sites’: web hosting sites category; ‘food-and-dining’: food and dining category; ‘dummy-item’: dummy item category; ‘self-harm’: self harm category; ‘dns-over-https’: dns over https category; ‘low-thc-cannabis-products’: low-thc cannabis products; ‘generative-ai’: generative ai category; ‘nudity-artistic’: artistic nudity; 
‘illegal-pornography’: illegal pornography, e.g. child sexual abuse; ‘uncategorised’: uncategorised; ‘other-category’: other category; ‘trustworthy’: Trustworthy level (81-100); ‘low-risk’: Low-risk level (61-80); ‘moderate-risk’: Moderate-risk level (41-60); ‘suspicious’: Suspicious level (21-40); ‘malicious’: Malicious level (1-20);
Type: string
Supported Values: all, real-estate, computer-and-internet-security, financial-services, business-and-economy, computer-and-internet-info, auctions, shopping, cult-and-occult, travel, drugs, adult-and-pornography, home-and-garden, military, social-network, dead-sites, stock-advice-and-tools, training-and-tools, dating, sex-education, religion, entertainment-and-arts, personal-sites-and-blogs, legal, local-information, streaming-media, job-search, gambling, translation, reference-and-research, shareware-and-freeware, peer-to-peer, marijuana, hacking, games, philosophy-and-politics, weapons, pay-to-surf, hunting-and-fishing, society, educational-institutions, online-greeting-cards, sports, swimsuits-and-intimate-apparel, questionable, kids, hate-and-racism, personal-storage, violence, keyloggers-and-monitoring, search-engines, internet-portals, web-advertisements, cheating, gross, web-based-email, malware-sites, phishing-and-other-fraud, proxy-avoid-and-anonymizers, spyware-and-adware, music, government, nudity, news-and-media, illegal, CDNs, internet-communications, bot-nets, abortion, health-and-medicine, confirmed-SPAM-sources, SPAM-URLs, unconfirmed-SPAM-sources, open-HTTP-proxies, dynamically-generated-content, parked-domains, alcohol-and-tobacco, private-IP-addresses, image-and-video-search, fashion-and-beauty, recreation-and-hobbies, motor-vehicles, web-hosting-sites, food-and-dining, dummy-item, self-harm, dns-over-https, low-thc-cannabis-products, generative-ai, nudity-artistic, illegal-pornography, uncategorised, other-category, trustworthy, low-risk, moderate-risk, suspicious, malicious
certificate-list¶
Specification | Value |
---|---|
Type | list |
Block object keys | |
cert
Description Certificate Name
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
chain-cert
Description Chain Certificate (Chain Certificate Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
key
Description Server Private Key (Key Name)
Type: string
Format: string-rlx
Maximum Length: 245 characters
Maximum Length: 1 characters
key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)
passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
shared
Description Server Certificate and Key Partition Shared
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
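A pre-flight check for certificate-list entries, as an added example that is not part of the A10 documentation: it enforces the maximum lengths and boolean values listed above, rejects the reserved key-encrypted keyword, and masks the passphrase before a request body is logged. The function names, the sample entries and the `{"client-ssl": {...}}` request envelope are assumptions.

```python
import copy

# Limits copied from the certificate-list attribute list on this page.
MAX_LEN = {"cert": 245, "chain-cert": 245, "key": 245, "passphrase": 128, "uuid": 64}
BOOL_VALUES = (True, False, 1, 0)      # "Supported Values: true, false, 1, 0"
RESERVED = {"key-encrypted"}           # "Do NOT use this option manually."
SECRET = {"passphrase", "key-encrypted"}

# Constructed sample entries (object names and passphrase are made up).
GOOD = {"cert": "www-example-cert", "key": "www-example-key",
        "passphrase": "constructed-passphrase", "shared": 0}
BAD = {"cert": "c" * 246, "key-encrypted": "constructed-blob", "shared": "yes"}


def lint_entry(entry):
    """Return a list of problems found in one certificate-list entry."""
    problems = []
    for field, value in entry.items():
        if field in RESERVED:
            problems.append(f"{field}: reserved keyword, must not be set by hand")
        elif field in MAX_LEN:
            if not isinstance(value, str):
                problems.append(f"{field}: expected string")
            elif len(value) > MAX_LEN[field]:
                problems.append(f"{field}: longer than {MAX_LEN[field]} characters")
        elif field == "shared":
            if value not in BOOL_VALUES:
                problems.append("shared: expected true, false, 1 or 0")
        else:
            problems.append(f"{field}: not a certificate-list key")
    return problems


def build_body(name, entries):
    """Build the JSON body for POST /axapi/v3/slb/template/client-ssl."""
    problems = [f"entry {i}: {p}" for i, e in enumerate(entries) for p in lint_entry(e)]
    if problems:
        raise ValueError("; ".join(problems))
    # Assumption: the object is wrapped under its element name, "client-ssl".
    return {"client-ssl": {"name": name, "certificate-list": entries}}


def redact(body):
    """Return a copy of a request body that is safe to log (secrets masked)."""
    safe = copy.deepcopy(body)
    for entry in safe["client-ssl"].get("certificate-list", []):
        for field in SECRET & entry.keys():
            entry[field] = "<redacted>"
    return safe
```

Log `redact(body)` rather than `body`, since a GET on the template or an audit trail of requests would otherwise carry the private-key passphrase in clear text.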