.. _slb_template_client_ssl: slb template client-ssl ======================= Client SSL Template client-ssl Specification ------------------------ ===================================== ======================================================================= **Parameter** **Value** ===================================== ======================================================================= **Type** *Collection* **Object Key(s)** *name* **Collection Name** :ref:`2960_client-ssl_list` **Collection URI** /axapi/v3/slb/template/client-ssl **Element Name** client-ssl **Element URI** /axapi/v3/slb/template/client-ssl/{name} **Element Attributes** client-ssl_attributes **Partition Visibility** shared **Operational Data URI** /axapi/v3/slb/template/client-ssl/{name}/oper **Schema** :download:`client-ssl schema ` ===================================== ======================================================================= **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/slb/template/client-ssl .. raw:: html :ref:`2960_client-ssl_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/slb/template/client-ssl .. raw:: html :ref:`2960_client-ssl_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/slb/template/client-ssl/{name} .. raw:: html :ref:`2960_client-ssl_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/slb/template/client-ssl .. raw:: html :ref:`2960_client-ssl_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/slb/template/client-ssl/{name} .. raw:: html :ref:`2960_client-ssl_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/slb/template/client-ssl/{name} .. raw:: html :ref:`2960_client-ssl_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/slb/template/client-ssl .. raw:: html :ref:`2960_client-ssl_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/slb/template/client-ssl/{name} .. raw:: html :ref:`2960_client-ssl_attributes` .. raw:: html
.. _2960_client-ssl_list: client-ssl-list --------------- client-ssl-list is **JSON List** of :ref:`2960_client-ssl_attributes` client-ssl-list : [ { :ref:`2960_client-ssl_attributes` }, { :ref:`2960_client-ssl_attributes` }, ... ] .. _2960_client-ssl_attributes: client-ssl attributes --------------------- **ad-group-list** **Description** Forward proxy bypass if ad-group matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **alert-type** **Description** 'fatal': Log fatal alerts; **Type:** string **Supported Values:** fatal **auth-sg** **Description** Specify authorization LDAP service group **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** auth-sg and authen-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **auth-sg-dn** **Description** Use Subject DN as LDAP search base DN **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auth-sg-filter** **Description** Specify LDAP search filter **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **auth-username** **Description** Specify the Username Field in the Client Certificate(If multi-fields are specificed, prior one has higher priority) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **auth-username-attribute** **Description** Specify attribute name of username for client SSL authorization **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters **authen-name** **Description** Specify authorization LDAP server name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** authen-name and auth-sg are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ldap ` **authorization** **Description** Specify LDAP server for client SSL authorizaiton **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **bypass-cert-issuer-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-issuer-class-list-name and bypass-cert-issuer-multi-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **bypass-cert-issuer-multi-class-list** **Type:** List **bypass-cert-san-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-san-class-list-name and bypass-cert-san-multi-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **bypass-cert-san-multi-class-list** **Type:** List **bypass-cert-subject-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-subject-class-list-name and bypass-cert-subject-multi-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **bypass-cert-subject-multi-class-list** **Type:** List **ca-certs** **Type:** List **cache-persistence-list-name** **Description** Class List Name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **case-insensitive** **Description** Case insensitive forward proxy bypass **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **central-cert-pin-list** **Description** Forward proxy bypass if SNI string is contained in central updated cert-pinning-candidate list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cert-revoke-action** **Description** 'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; **Type:** string **Supported Values:** bypass, continue, drop, block **Default:** bypass **cert-unknown-action** **Description** 'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; **Type:** string **Supported Values:** bypass, continue, drop, block **Default:** bypass **certificate-issuer-contains-list** **Type:** List **certificate-issuer-ends-with-list** **Type:** List **certificate-issuer-equals-list** **Type:** List **certificate-issuer-starts-with-list** **Type:** List **certificate-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl/{name}/certificate/{cert} ` **certificate-san-contains-list** **Type:** List **certificate-san-ends-with-list** **Type:** List **certificate-san-equals-list** **Type:** List **certificate-san-starts-with-list** **Type:** List **certificate-subject-contains-list** **Type:** List **certificate-subject-ends-with-list** **Type:** List **certificate-subject-equals-list** **Type:** List **certificate-subject-starts-with-list** **Type:** List **chain-cert** **Description** Chain Certificate Name **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** chain-cert and chain-cert-shared-str are mutually exclusive **chain-cert-shared-str** **Description** Chain Certificate Name **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** chain-cert-shared-str and chain-cert are mutually exclusive **cipher-without-prio-list** **Type:** List **class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** class-list-name and multi-clist-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` **client-auth-case-insensitive** **Description** Case insensitive forward proxy client auth bypass **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-auth-class-list** **Description** Forward proxy client auth bypass if SNI string matches class-list (Class List Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **client-auth-contains-list** **Type:** List **client-auth-ends-with-list** **Type:** List **client-auth-equals-list** **Type:** List **client-auth-starts-with-list** **Type:** List **client-certificate** **Description** 'Ignore': Don't request client certificate; 'Require': Require client certificate; 'Request': Request client certificate; **Type:** string **Supported Values:** Ignore, Require, Request **Default:** Ignore **client-ipv4-list** **Type:** List **client-ipv6-list** **Type:** List **close-notify** **Description** Send close notification when terminate connection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **contains-list** **Type:** List **crl-certs** **Type:** List **dgversion** **Description** Lower TLS/SSL version can be downgraded **Type:** number **Range:** 30-34 **Default:** 31 **dh-type** **Description** '1024': 1024; '1024-dsa': 1024-dsa; '2048': 2048; **Type:** string **Supported Values:** 1024, 1024-dsa, 2048 **direct-client-server-auth** **Description** Let backend server does SSL client authentication directly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-sslv3** **Description** Reject Client requests for SSL version 3 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **early-data** **Description** Enable TLS 1.3 early data (0-RTT) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ec-list** **Type:** List **enable-ssli-ftp-alg** **Description** Enable SSLi FTP over TLS support at which port **Type:** number **Range:** 1-65535 **enable-tls-alert-logging** **Description** Enable TLS alert logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ends-with-list** **Type:** List **equals-list** **Type:** List **exception-ad-group-list** **Description** Exceptions to forward proxy bypass if ad-group matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-certificate-issuer-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-certificate-san-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-certificate-subject-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-client-ipv4-list** **Type:** List **exception-client-ipv6-list** **Type:** List **exception-server-ipv4-list** **Type:** List **exception-server-ipv6-list** **Type:** List **exception-sni-cl-name** **Description** Exceptions to forward-proxy-bypass **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-user-name-list** **Description** Exceptions to forward proxy bypass if user-name matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **exception-web-category** **Description:** exception-web-category is a **JSON Block**. Please see below for :ref:`2960_exception-web-category` **Type:** Object **exception-web-reputation** **Description:** exception-web-reputation is a **JSON Block**. Please see below for :ref:`2960_exception-web-reputation` **Type:** Object **expire-hours** **Description** Certificate lifetime in hours **Type:** number **Range:** 1-168 **forward-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **Mutual Exclusion:** forward-encrypted and fp-ca-certificate are mutually exclusive **forward-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward-passphrase and fp-ca-certificate are mutually exclusive **forward-proxy-alt-sign** **Description** Forward proxy alternate signing cert and key **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-block-message** **Description** Message to be included on the block page (Message, enclose in quotes if spaces are present) **Type:** string **Format:** string-rlx **Maximum Length:** 1023 characters **Maximum Length:** 1 characters **forward-proxy-ca-cert** **Description** CA Certificate for forward proxy (SSL forward proxy CA Certificate Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward-proxy-ca-cert,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive **forward-proxy-ca-key** **Description** CA Private Key for forward proxy (SSL forward proxy CA Key Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** forward-proxy-ca-key,fp-ca-certificate, fp-ca-key, fp-ca-key-pass-phrase, fp-ca-key-passphrase, fp-ca-key-encrypted, fp-ca-chain-cert, and fp-ca-certificate-shared are mutually exclusive **forward-proxy-cert-cache-limit** **Description** Certificate cache size limit, default is 524288 (set to 0 for unlimited size) **Type:** number **Range:** 0-2147483647 **Default:** 524288 **forward-proxy-cert-cache-timeout** **Description** Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout) **Type:** number **Range:** 0-2147483647 **Default:** 3600 **forward-proxy-cert-expiry** **Description** Adjust certificate expiry relative to the time when it is created on the device **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-cert-not-ready-action** **Description** 'bypass': bypass the connection; 'reset': reset the connection; 'intercept': wait for cert and then inspect the connection; **Type:** string **Supported Values:** bypass, reset, intercept **Default:** bypass **forward-proxy-cert-revoke-action** **Description** Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **forward-proxy-cert-unknown-action** **Description** Action taken if a certificate revocation status is unknown, bypass SSLi processing by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **forward-proxy-crl-disable** **Description** Disable Certificate Revocation List checking for forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-decrypted-dscp** **Description** Apply a DSCP to decrypted and bypassed traffic (DSCP to apply to decrypted traffic) **Type:** number **Range:** 1-63 **forward-proxy-decrypted-dscp-bypass** **Description** DSCP to apply to bypassed traffic **Type:** number **Range:** 1-63 **forward-proxy-enable** **Description** Enable SSL forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** forward-proxy-enable and ssli-inbound-enable are mutually exclusive **forward-proxy-esni-action** **Description** Action taken if receiving encrypted server name indication extension in client hello MSG, bypass the connection by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-failsafe-disable** **Description** Disable Failsafe for SSL forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-hash-persistence-interval** **Description** Set the time interval to save the hash persistence certs (Interval value, in minutes) **Type:** number **Range:** 1-720 **Default:** 30 **forward-proxy-log-disable** **Description** Disable SSL forward proxy logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-no-shared-cipher-action** **Description** Action taken if handshake fails due to no shared ciper, close the connection by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **forward-proxy-no-sni-action** **Description** 'intercept': intercept in no SNI case; 'bypass': bypass in no SNI case; 'reset': reset in no SNI case; **Type:** string **Supported Values:** intercept, bypass, reset **Default:** intercept **forward-proxy-ocsp-disable** **Description** Disable ocsp-stapling for forward proxy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-require-sni-cert-matched** **Description** 'no-match-action-inspect': Inspected if not matched; 'no-match-action-drop': Dropped if not matched; **Type:** string **Supported Values:** no-match-action-inspect, no-match-action-drop **forward-proxy-selfsign-redir** **Description** Redirect connections to pages with self signed certs to a warning page **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **forward-proxy-ssl-version** **Description** TLS/SSL version, default is TLS1.2 (TLS/SSL version: 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3) **Type:** number **Range:** 31-34 **Default:** 33 **forward-proxy-trusted-ca-lists** **Type:** List **forward-proxy-verify-cert-fail-action** **Description** Action taken if certificate verification fails, close the connection by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **fp-alt-cert** **Description** CA Certificate for forward proxy alternate signing (Certificate name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **fp-alt-chain-cert** **Description** Chain Certificate (Chain Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **fp-alt-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **fp-alt-key** **Description** CA Private Key for forward proxy alternate signing (Key name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **fp-alt-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **fp-alt-shared** **Description** Alternate CA Certificate and Private Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fp-ca-certificate** **Description** CA Certificate for forward proxy (SSL forward proxy CA Certificate Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-certificate,forward-proxy-ca-cert, fp-ca-shared, forward-proxy-ca-key, forward-passphrase, forward-encrypted, and fp-ca-key-shared are mutually exclusive **fp-ca-certificate-shared** **Description** CA Private Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** fp-ca-certificate-shared, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-chain-cert** **Description** Chain Certificate (Chain Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-chain-cert, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key** **Description** CA Private Key for forward proxy (SSL forward proxy CA Key Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-key, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **Mutual Exclusion:** fp-ca-key-encrypted, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-ca-key-passphrase, forward-proxy-ca-cert, and forward-proxy-ca-key are mutually exclusive **fp-ca-key-shared** **Description** CA Private Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** fp-ca-key-shared and fp-ca-certificate are mutually exclusive **fp-ca-shared** **Description** CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** fp-ca-shared and fp-ca-certificate are mutually exclusive **fp-cert-ext-aia-ca-issuers** **Description** CA Issuers (Authority Information Access URI) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-cert-ext-aia-ca-issuers and fp-cert-ext-aia-ocsp are mutually exclusive **fp-cert-ext-aia-ocsp** **Description** OCSP (Authority Information Access URI) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-cert-ext-aia-ocsp and fp-cert-ext-aia-ca-issuers are mutually exclusive **fp-cert-ext-crldp** **Description** CRL Distribution Point (CRL Distribution Point URI) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **fp-cert-fetch-autonat** **Description** 'auto': Configure auto NAT for server certificate fetching; **Type:** string **Supported Values:** auto **Mutual Exclusion:** fp-cert-fetch-autonat and fp-cert-fetch-natpool-name are mutually exclusive **fp-cert-fetch-autonat-precedence** **Description** Set this NAT pool as higher precedence than other source NAT like configued under template policy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fp-cert-fetch-natpool-name** **Description** Specify NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fp-cert-fetch-natpool-name, shared-partition-pool, and fp-cert-fetch-autonat are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **fp-cert-fetch-natpool-name-shared** **Description** Specify NAT pool or pool group **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ip/nat/pool ` **fp-cert-fetch-natpool-precedence** **Description** Set this NAT pool as higher precedence than other source NAT like configued under template policy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fp-esni-action** **Description** 'bypass': bypass SSLi processing; 'drop': close the connection; **Type:** string **Supported Values:** bypass, drop **Default:** bypass **handshake-logging-enable** **Description** Enable SSL handshake logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hsm-type** **Description** 'thales-embed': Thales embed key; 'thales-hwcrhk': Thales hwcrhk Key; **Type:** string **Supported Values:** thales-embed, thales-hwcrhk **inspect-certificate-issuer-cl-name** **Description** Forward proxy Inspect if Certificate issuer matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **inspect-certificate-san-cl-name** **Description** Forward proxy Inspect if Certificate Subject Alternative Name matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **inspect-certificate-subject-cl-name** **Description** Forward proxy Inspect if Certificate Subject matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **inspect-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **ja3-enable** **Description** Enable JA3 features **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ja3-insert-http-header** **Description** Insert the JA3 hash into this request as a HTTP header (HTTP Header Name) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ja3-reject-class-list** **Description** Drop request if the JA3 hash matches this class-list (type string-case-insensitive) (Class-List Name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **ja3-reject-max-number-per-host** **Description** Drop request if numbers of JA3 of this client address exceeded **Type:** number **Range:** 1-256 **ja3-ttl** **Description** seconds to keep each JA3 record **Type:** number **Range:** 1-86400 **Default:** 600 **ldap-base-dn-from-cert** **Description** Use Subject DN as LDAP search base DN **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ldap-search-filter** **Description** Specify LDAP search filter **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **local-cert-pin-list** **Description:** local-cert-pin-list is a **JSON Block**. Please see below for :ref:`2960_local-cert-pin-list` **Type:** Object **local-logging** **Description** Enable local logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **multi-class-list** **Type:** List **name** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **no-anti-replay** **Description** Disable anti-replay protection for TLS 1.3 early data (0-RTT data) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **no-shared-cipher-action** **Description** 'bypass': bypass SSLi processing; 'drop': close the connection; **Type:** string **Supported Values:** bypass, drop **Default:** drop **non-ssl-bypass-l4session** **Description** Handle the non-ssl session as L4 for performance optimization **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **non-ssl-bypass-service-group** **Description** Service Group for Bypass non-ssl traffic (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **notafter** **Description** notAfter date **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **notafterday** **Description** Day **Type:** number **Range:** 1-31 **notaftermonth** **Description** Month **Type:** number **Range:** 1-12 **notafteryear** **Description** Year **Type:** number **Range:** 2005-2035 **notbefore** **Description** notBefore date **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **notbeforeday** **Description** Day **Type:** number **Range:** 1-31 **notbeforemonth** **Description** Month **Type:** number **Range:** 1-12 **notbeforeyear** **Description** Year **Type:** number **Range:** 2005-2035 **ocsp-stapling** **Description** Config OCSP stapling support **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ocspst-ca-cert** **Description** CA certificate **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **ocspst-ocsp** **Description** Specify OCSP Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ocspst-sg** **Description** Specify authentication service group **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ocspst-sg and ocspst-srvr are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **ocspst-sg-days** **Description** Specify update period, in days **Type:** number **Range:** 1-31 **Mutual Exclusion:** ocspst-sg-days, ocspst-sg-hours, and ocspst-sg-minutes are mutually exclusive **ocspst-sg-hours** **Description** Specify update period, in hours **Type:** number **Range:** 1-23 **Default:** 1 **Mutual Exclusion:** ocspst-sg-hours, ocspst-sg-days, and ocspst-sg-minutes are mutually exclusive **ocspst-sg-minutes** **Description** Specify update period, in minutes **Type:** number **Range:** 1-59 **Mutual Exclusion:** ocspst-sg-minutes, ocspst-sg-days, and ocspst-sg-hours are mutually exclusive **ocspst-sg-timeout** **Description** Specify retry timeout (Default is 30 mins) **Type:** number **Range:** 1-44640 **Default:** 30 **ocspst-srvr** **Description** Specify OCSP authentication server **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ocspst-srvr and ocspst-sg are mutually exclusive **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp ` **ocspst-srvr-days** **Description** Specify update period, in days **Type:** number **Range:** 1-31 **Mutual Exclusion:** ocspst-srvr-days, ocspst-srvr-hours, and ocspst-srvr-minutes are mutually exclusive **ocspst-srvr-hours** **Description** Specify update period, in hours **Type:** number **Range:** 1-23 **Default:** 1 **Mutual Exclusion:** ocspst-srvr-hours, ocspst-srvr-days, and ocspst-srvr-minutes are mutually exclusive **ocspst-srvr-minutes** **Description** Specify update period, in minutes **Type:** number **Range:** 1-59 **Mutual Exclusion:** ocspst-srvr-minutes, ocspst-srvr-days, and ocspst-srvr-hours are mutually exclusive **ocspst-srvr-timeout** **Description** Specify retry timeout (Default is 30 mins) **Type:** number **Range:** 1-44640 **Default:** 30 **renegotiation-disable** **Description** Disable SSL renegotiation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **req-ca-lists** **Type:** List **require-web-category** **Description** Wait for web category to be resolved before taking bypass decision **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-ipv4-list** **Type:** List **server-ipv6-list** **Type:** List **server-name-auto-map** **Description** Enable automatic mapping of server name indication in Client hello extension **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-name-list** **Type:** List **session-cache-size** **Description** Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled)) **Type:** number **session-cache-timeout** **Description** Session Cache Timeout (Timeout value, in seconds. Default value 0 (Session cache timeout disabled)) **Type:** number **Range:** 0-604800 **Default:** 0 **session-ticket-disable** **Description** Disable client side session ticket support **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **session-ticket-lifetime** **Description** Session ticket lifetime in seconds from stateless session resumption (Lifetime value in seconds. Default value 0 (Session ticket lifetime is 7200 seconds)) **Type:** number **Range:** 0-2147483647 **Default:** 0 **shared-partition-cipher-template** **Description** Reference a cipher template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-cipher-template, template-cipher, and cipher-wo-prio are mutually exclusive **shared-partition-pool** **Description** Reference a NAT pool or pool group from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** shared-partition-pool and fp-cert-fetch-natpool-name are mutually exclusive **sni-bypass-enable-log** **Description** Enable logging when bypass event happens, disabled by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-bypass-expired-cert** **Description** Bypass when certificate expired **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-bypass-explicit-list** **Description** Bypass when matched explicit bypass list (Specify class list name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **sni-bypass-missing-cert** **Description** Bypass when missing cert/key **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-enable-log** **Description** Enable logging of sni-auto-map failures. Disable by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssl-false-start-disable** **Description** disable SSL False Start **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssli-inbound-enable** **Description** Enable inbound SSLi **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** ssli-inbound-enable and forward-proxy-enable are mutually exclusive **ssli-logging** **Description** SSLi logging level, default is error logging only **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sslilogging** **Description** 'disable': Disable all logging; 'all': enable all logging(error, info); **Type:** string **Supported Values:** disable, all **sslv2-bypass-service-group** **Description** Service Group for Bypass SSLV2 (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/service-group ` **starts-with-list** **Type:** List **template-cipher** **Description** Cipher Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** template-cipher, shared-partition-cipher-template, and cipher-wo-prio are mutually exclusive **Reference Object:** :doc:`/axapi/v3/slb/template/cipher ` **template-cipher-shared** **Description** Cipher Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/cipher ` **template-hsm** **Description** HSM Template (HSM Template Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/hsm/template ` **user-name-list** **Description** Forward proxy bypass if user-name matches class-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **verify-cert-fail-action** **Description** 'bypass': bypass SSLi processing; 'continue': continue the connection; 'drop': close the connection; 'block': block the connection with a warning page; **Type:** string **Supported Values:** bypass, continue, drop, block **Default:** drop **version** **Description** TLS/SSL version, default is the highest number supported (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3) **Type:** number **Range:** 1-34 **web-category** **Description:** web-category is a **JSON Block**. Please see below for :ref:`2960_web-category` **Type:** Object **web-reputation** **Description:** web-reputation is a **JSON Block**. Please see below for :ref:`2960_web-reputation` **Type:** Object .. _2960_bypass-cert-subject-multi-class-list: bypass-cert-subject-multi-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-cert-subject-multi-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-subject-multi-class-list-name and bypass-cert-subject-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_certificate-san-contains-list: certificate-san-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-contains** **Description** Forward proxy bypass if Certificate SAN contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_equals-list: equals-list ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **equals** **Description** Forward proxy bypass if SNI string equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_client-ipv6-list: client-ipv6-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-ipv6-list-name** **Description** IPV6 client class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_forward-proxy-trusted-ca-lists: forward-proxy-trusted-ca-lists ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **forward-proxy-trusted-ca** **Description** Forward proxy trusted CA file (CA file name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **fp-trusted-ca-shared** **Description** Trusted CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _2960_ec-list: ec-list ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ec** **Description** 'secp256r1': X9_62_prime256v1; 'secp384r1': secp384r1; **Type:** string **Supported Values:** secp256r1, secp384r1 .. _2960_contains-list: contains-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **contains** **Description** Forward proxy bypass if SNI string contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_ends-with-list: ends-with-list ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ends-with** **Description** Forward proxy bypass if SNI string ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_ca-certs: ca-certs ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ca-cert** **Description** CA Certificate (CA Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **ca-shared** **Description** CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-ocsp** **Description** Specify ocsp authentication server(s) for client certificate verification **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-ocsp-sg** **Description** Specify service-group (Service group name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group ` **client-ocsp-srvr** **Description** Specify authentication server **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp/instance ` .. _2960_client-auth-contains-list: client-auth-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-contains** **Description** Forward proxy bypass if SNI string contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_certificate-subject-contains-list: certificate-subject-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-contains** **Description** Forward proxy bypass if Certificate Subject contains another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_req-ca-lists: req-ca-lists ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-cert-req-ca-shared** **Description** CA Certificate Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-certificate-Request-CA** **Description** Send CA lists in certificate request (CA Certificate Name) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters .. _2960_certificate-subject-starts-with-list: certificate-subject-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-starts** **Description** Forward proxy bypass if Certificate Subject starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_web-reputation: web-reputation ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bypass-low-risk** **Description** Bypass when reputation score is greater than or equal to 61 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-low-risk,bypass-trustworthy, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive **bypass-malicious** **Description** Bypass when reputation score is greater than or equal to 1 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-malicious,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-threshold are mutually exclusive **bypass-moderate-risk** **Description** Bypass when reputation score is greater than or equal to 41 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-moderate-risk,bypass-trustworthy, bypass-low-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive **bypass-suspicious** **Description** Bypass when reputation score is greater than or equal to 21 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-suspicious,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-malicious, and bypass-threshold are mutually exclusive **bypass-threshold** **Description** Bypass when reputation score is greater than or equal to the customized score (1-100) **Type:** number **Range:** 1-100 **Mutual Exclusion:** bypass-threshold,bypass-trustworthy, bypass-low-risk, bypass-moderate-risk, bypass-suspicious, and bypass-malicious are mutually exclusive **bypass-trustworthy** **Description** Bypass when reputation score is greater than or equal to 81 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** bypass-trustworthy,bypass-low-risk, bypass-moderate-risk, bypass-suspicious, bypass-malicious, and bypass-threshold are mutually exclusive .. _2960_bypass-cert-issuer-multi-class-list: bypass-cert-issuer-multi-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-cert-issuer-multi-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-issuer-multi-class-list-name and bypass-cert-issuer-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_client-auth-equals-list: client-auth-equals-list ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-equals** **Description** Forward proxy bypass if SNI string equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_certificate-issuer-equals-list: certificate-issuer-equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-equals** **Description** Forward proxy bypass if Certificate issuer equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_certificate-san-ends-with-list: certificate-san-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-ends-with** **Description** Forward proxy bypass if Certificate SAN ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_crl-certs: crl-certs ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **crl** **Description** Certificate Revocation Lists (Certificate Revocation Lists file name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **crl-shared** **Description** Certificate Revocation Lists Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _2960_certificate-list: certificate-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cert** **Description** Certificate Name **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **chain-cert** **Description** Chain Certificate (Chain Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **key** **Description** Server Private Key (Key Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **shared** **Description** Server Certificate and Key Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _2960_client-ipv4-list: client-ipv4-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-ipv4-list-name** **Description** IPV4 client class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_multi-class-list: multi-class-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **multi-clist-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** multi-clist-name and class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_certificate-issuer-ends-with-list: certificate-issuer-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-ends-with** **Description** Forward proxy bypass if Certificate issuer ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_exception-server-ipv4-list: exception-server-ipv4-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exception-server-ipv4-list-name** **Description** IPV4 exception server class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_web-category: web-category ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **abortion** **Description** Category Abortion **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **adult-and-pornography** **Description** Category Adult and Pornography **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **alcohol-and-tobacco** **Description** Category Alcohol and Tobacco **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auctions** **Description** Category Auctions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **bot-nets** **Description** Category Bot Nets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **business-and-economy** **Description** Category Business and Economy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cdns** **Description** Category CDNs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cheating** **Description** Category Cheating **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **computer-and-internet-info** **Description** Category Computer and Internet Info **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **computer-and-internet-security** **Description** Category Computer and Internet Security **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **cult-and-occult** **Description** Category Cult and Occult **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dating** **Description** Category Dating **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dead-sites** **Description** Category Dead Sites (db Ops only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drugs** **Description** Category Abused Drugs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamically-generated-content** **Description** Dynamically Generated Content **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **educational-institutions** **Description** Category Educational Institutions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **entertainment-and-arts** **Description** Category Entertainment and Arts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fashion-and-beauty** **Description** Category Fashion and Beauty **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **financial-services** **Description** Category Financial Services **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **gambling** **Description** Category Gambling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **games** **Description** Category Games **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **government** **Description** Category Government **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **gross** **Description** Category Gross **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hacking** **Description** Category Hacking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hate-and-racism** **Description** Category Hate and Racism **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **health-and-medicine** **Description** Category Health and Medicine **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **home-and-garden** **Description** Category Home and Garden **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hunting-and-fishing** **Description** Category Hunting and Fishing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **illegal** **Description** Category Illegal **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **illegal-pornography** **Description** Category Illegal join Adult and Pornography **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **image-and-video-search** **Description** Category Image and Video Search **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **internet-communications** **Description** Category Internet Communications **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **internet-portals** **Description** Category Internet Portals **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **job-search** **Description** Category Job Search **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **keyloggers-and-monitoring** **Description** Category Keyloggers and Monitoring **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **kids** **Description** Category Kids **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **legal** **Description** Category Legal **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **local-information** **Description** Category Local Information **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malware-sites** **Description** Category Malware Sites **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **marijuana** **Description** Category Marijuana **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **military** **Description** Category Military **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **motor-vehicles** **Description** Category Motor Vehicles **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **music** **Description** Category Music **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **news-and-media** **Description** Category News and Media **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **nudity** **Description** Category Nudity **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **nudity-artistic** **Description** Category Nudity join Entertainment and Arts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **online-greeting-cards** **Description** Category Online Greeting cards **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **parked-domains** **Description** Category Parked Domains **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pay-to-surf** **Description** Category Pay to Surf **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **peer-to-peer** **Description** Category Peer to Peer **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **personal-sites-and-blogs** **Description** Category Personal sites and Blogs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **personal-storage** **Description** Category Personal Storage **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **philosophy-and-politics** **Description** Category Philosophy and Political Advocacy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **phishing-and-other-fraud** **Description** Category Phishing and Other Frauds **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **proxy-avoid-and-anonymizers** **Description** Category Proxy Avoid and Anonymizers **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **questionable** **Description** Category Questionable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **real-estate** **Description** Category Real Estate **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **recreation-and-hobbies** **Description** Category Recreation and Hobbies **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reference-and-research** **Description** Category Reference and Research **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **religion** **Description** Category Religion **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **search-engines** **Description** Category Search Engines **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sex-education** **Description** Category Sex Education **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **shareware-and-freeware** **Description** Category Shareware and Freeware **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **shopping** **Description** Category Shopping **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **social-network** **Description** Category Social Network **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **society** **Description** Category Society **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **spam-urls** **Description** Category SPAM URLs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sports** **Description** Category Sports **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **spyware-and-adware** **Description** Category Spyware and Adware **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **stock-advice-and-tools** **Description** Category Stock Advice and Tools **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **streaming-media** **Description** Category Streaming Media **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **swimsuits-and-intimate-apparel** **Description** Category Swimsuits and Intimate Apparel **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **training-and-tools** **Description** Category Training and Tools **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **translation** **Description** Category Translation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **travel** **Description** Category Travel **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uncategorized** **Description** Uncategorized URLs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **violence** **Description** Category Violence **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **weapons** **Description** Category Weapons **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **web-advertisements** **Description** Category Web Advertisements **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **web-based-email** **Description** Category Web based email **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **web-hosting-sites** **Description** Category Web Hosting Sites **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _2960_certificate-san-equals-list: certificate-san-equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-equals** **Description** Forward proxy bypass if Certificate SAN equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_exception-client-ipv4-list: exception-client-ipv4-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exception-client-ipv4-list-name** **Description** IPV4 exception client class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_certificate-issuer-contains-list: certificate-issuer-contains-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-contains** **Description** Forward proxy bypass if Certificate issuer contains another string (Certificate issuer) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_client-auth-starts-with-list: client-auth-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-starts-with** **Description** Forward proxy bypass if SNI string starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_certificate-subject-ends-with-list: certificate-subject-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-ends-with** **Description** Forward proxy bypass if Certificate Subject ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_bypass-cert-san-multi-class-list: bypass-cert-san-multi-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **bypass-cert-san-multi-class-list-name** **Description** Class List Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** bypass-cert-san-multi-class-list-name and bypass-cert-san-class-list-name are mutually exclusive **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_server-name-list: server-name-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-cert** **Description** Server Certificate associated to SNI (Server Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-cert-regex** **Description** Server Certificate associated to SNI regex (Server Certificate Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-chain** **Description** Server Certificate Chain associated to SNI (Server Certificate Chain Name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **server-chain-regex** **Description** Server Certificate Chain associated to SNI regex (Server Certificate Chain Name) **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **server-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **server-encrypted-regex** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **server-key** **Description** Server Private Key associated to SNI (Server Private Key Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-key-regex** **Description** Server Private Key associated to SNI regex (Server Private Key Name) **Type:** string **Format:** string-rlx **Maximum Length:** 245 characters **Maximum Length:** 1 characters **server-name** **Description** Server name indication in Client hello extension (Server name String) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-name-alternate** **Description** Specific the second certifcate **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-name-regex** **Description** Server name indication in Client hello extension with regular expression (Server name String with regex) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-name-regex-alternate** **Description** Specific the second certifcate **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-passphrase** **Description** help Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-passphrase-regex** **Description** help Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **server-shared** **Description** Server Name Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-shared-regex** **Description** Server Name Partition Shared **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-regex-shared-partition-client-ssl-template** **Description** Reference a Client SSL template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-regex-template** **Description** Template associated to SNI regex **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-regex-template-client-ssl** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` **sni-regex-template-client-ssl-shared-name** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` **sni-shared-partition-client-ssl-template** **Description** Reference a Client SSL template from shared partition **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-template** **Description** Template associated to SNI **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sni-template-client-ssl** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` **sni-template-client-ssl-shared-name** **Description** Client SSL Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/slb/template/client-ssl ` .. _2960_exception-web-category: exception-web-category ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exception-abortion** **Description** Category Abortion **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-adult-and-pornography** **Description** Category Adult and Pornography **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-alcohol-and-tobacco** **Description** Category Alcohol and Tobacco **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-auctions** **Description** Category Auctions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-bot-nets** **Description** Category Bot Nets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-business-and-economy** **Description** Category Business and Economy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-cdns** **Description** Category CDNs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-cheating** **Description** Category Cheating **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-computer-and-internet-info** **Description** Category Computer and Internet Info **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-computer-and-internet-security** **Description** Category Computer and Internet Security **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-cult-and-occult** **Description** Category Cult and Occult **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-dating** **Description** Category Dating **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-dead-sites** **Description** Category Dead Sites (db Ops only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-drugs** **Description** Category Abused Drugs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-dynamically-generated-content** **Description** Dynamically Generated Content **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-educational-institutions** **Description** Category Educational Institutions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-entertainment-and-arts** **Description** Category Entertainment and Arts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-fashion-and-beauty** **Description** Category Fashion and Beauty **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-financial-services** **Description** Category Financial Services **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-gambling** **Description** Category Gambling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-games** **Description** Category Games **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-government** **Description** Category Government **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-gross** **Description** Category Gross **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-hacking** **Description** Category Hacking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-hate-and-racism** **Description** Category Hate and Racism **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-health-and-medicine** **Description** Category Health and Medicine **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-home-and-garden** **Description** Category Home and Garden **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-hunting-and-fishing** **Description** Category Hunting and Fishing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-illegal** **Description** Category Illegal **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-illegal-pornography** **Description** Category Illegal join Adult and Pornography **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-image-and-video-search** **Description** Category Image and Video Search **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-internet-communications** **Description** Category Internet Communications **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-internet-portals** **Description** Category Internet Portals **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-job-search** **Description** Category Job Search **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-keyloggers-and-monitoring** **Description** Category Keyloggers and Monitoring **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-kids** **Description** Category Kids **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-legal** **Description** Category Legal **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-local-information** **Description** Category Local Information **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-malware-sites** **Description** Category Malware Sites **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-marijuana** **Description** Category Marijuana **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-military** **Description** Category Military **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-motor-vehicles** **Description** Category Motor Vehicles **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-music** **Description** Category Music **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-news-and-media** **Description** Category News and Media **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-nudity** **Description** Category Nudity **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-nudity-artistic** **Description** Category Nudity join Entertainment and Arts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-online-greeting-cards** **Description** Category Online Greeting cards **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-parked-domains** **Description** Category Parked Domains **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-pay-to-surf** **Description** Category Pay to Surf **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-peer-to-peer** **Description** Category Peer to Peer **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-personal-sites-and-blogs** **Description** Category Personal sites and Blogs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-personal-storage** **Description** Category Personal Storage **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-philosophy-and-politics** **Description** Category Philosophy and Political Advocacy **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-phishing-and-other-fraud** **Description** Category Phishing and Other Frauds **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-proxy-avoid-and-anonymizers** **Description** Category Proxy Avoid and Anonymizers **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-questionable** **Description** Category Questionable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-real-estate** **Description** Category Real Estate **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-recreation-and-hobbies** **Description** Category Recreation and Hobbies **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-reference-and-research** **Description** Category Reference and Research **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-religion** **Description** Category Religion **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-search-engines** **Description** Category Search Engines **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-sex-education** **Description** Category Sex Education **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-shareware-and-freeware** **Description** Category Shareware and Freeware **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-shopping** **Description** Category Shopping **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-social-network** **Description** Category Social Network **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-society** **Description** Category Society **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-spam-urls** **Description** Category SPAM URLs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-sports** **Description** Category Sports **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-spyware-and-adware** **Description** Category Spyware and Adware **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-stock-advice-and-tools** **Description** Category Stock Advice and Tools **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-streaming-media** **Description** Category Streaming Media **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-swimsuits-and-intimate-apparel** **Description** Category Swimsuits and Intimate Apparel **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-training-and-tools** **Description** Category Training and Tools **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-translation** **Description** Category Translation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-travel** **Description** Category Travel **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-uncategorized** **Description** Uncategorized URLs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-violence** **Description** Category Violence **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-weapons** **Description** Category Weapons **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-web-advertisements** **Description** Category Web Advertisements **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-web-based-email** **Description** Category Web based email **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exception-web-hosting-sites** **Description** Category Web Hosting Sites **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _2960_exception-server-ipv6-list: exception-server-ipv6-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exception-server-ipv6-list-name** **Description** IPV6 exception server class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_certificate-issuer-starts-with-list: certificate-issuer-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-issuer-starts** **Description** Forward proxy bypass if Certificate issuer starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_certificate-san-starts-with-list: certificate-san-starts-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-san-starts** **Description** Forward proxy bypass if Certificate SAN starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_server-ipv4-list: server-ipv4-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-ipv4-list-name** **Description** IPV4 server class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_client-auth-ends-with-list: client-auth-ends-with-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-auth-ends-with** **Description** Forward proxy bypass if SNI string ends with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_exception-client-ipv6-list: exception-client-ipv6-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exception-client-ipv6-list-name** **Description** IPV6 exception client class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_exception-web-reputation: exception-web-reputation ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exception-low-risk** **Description** Intercept when reputation score is less than or equal to 80 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-low-risk,exception-trustworthy, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive **exception-malicious** **Description** Intercept when reputation score is less than or equal to 20 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-malicious,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-threshold are mutually exclusive **exception-moderate-risk** **Description** Intercept when reputation score is less than or equal to 60 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-moderate-risk,exception-trustworthy, exception-low-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive **exception-suspicious** **Description** Intercept when reputation score is less than or equal to 40 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-suspicious,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-malicious, and exception-threshold are mutually exclusive **exception-threshold** **Description** Intercept when reputation score is less than or equal to a customized value (1-100) **Type:** number **Range:** 1-100 **Mutual Exclusion:** exception-threshold,exception-trustworthy, exception-low-risk, exception-moderate-risk, exception-suspicious, and exception-malicious are mutually exclusive **exception-trustworthy** **Description** Intercept when reputation score is less than or equal to 100 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** exception-trustworthy,exception-low-risk, exception-moderate-risk, exception-suspicious, exception-malicious, and exception-threshold are mutually exclusive .. _2960_local-cert-pin-list: local-cert-pin-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **local-cert-pin-list-bypass-fail-count** **Description** Set the connection fail count as bypass criteria (Bypass when connection failure count is greater than the criteria (1-65536)) **Type:** number **Range:** 1-65536 .. _2960_server-ipv6-list: server-ipv6-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-ipv6-list-name** **Description** IPV6 server class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` .. _2960_certificate-subject-equals-list: certificate-subject-equals-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **certificate-subject-equals** **Description** Forward proxy bypass if Certificate Subject equals another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _2960_cipher-without-prio-list: cipher-without-prio-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cipher-wo-prio** **Description** 'SSL3_RSA_DES_192_CBC3_SHA': TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A); 'SSL3_RSA_RC4_128_MD5': TLS_RSA_WITH_RC4_128_MD5 (0x0004); 'SSL3_RSA_RC4_128_SHA': TLS_RSA_WITH_RC4_128_SHA (0x0005); 'TLS1_RSA_AES_128_SHA': TLS_RSA_WITH_AES_128_CBC_SHA (0x002F); 'TLS1_RSA_AES_256_SHA': TLS_RSA_WITH_AES_256_CBC_SHA (0x0035); 'TLS1_RSA_AES_128_SHA256': TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C); 'TLS1_RSA_AES_256_SHA256': TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D); 'TLS1_DHE_RSA_AES_128_GCM_SHA256': TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E); 'TLS1_DHE_RSA_AES_128_SHA': TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033); 'TLS1_DHE_RSA_AES_128_SHA256': TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067); 'TLS1_DHE_RSA_AES_256_GCM_SHA384': TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F); 'TLS1_DHE_RSA_AES_256_SHA': TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039); 'TLS1_DHE_RSA_AES_256_SHA256': TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B); 'TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B); 'TLS1_ECDHE_ECDSA_AES_128_SHA': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009); 'TLS1_ECDHE_ECDSA_AES_128_SHA256': TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xC023); 'TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC02C); 'TLS1_ECDHE_ECDSA_AES_256_SHA': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A); 'TLS1_ECDHE_RSA_AES_128_GCM_SHA256': TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F); 'TLS1_ECDHE_RSA_AES_128_SHA': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013); 'TLS1_ECDHE_RSA_AES_128_SHA256': TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027); 'TLS1_ECDHE_RSA_AES_256_GCM_SHA384': TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030); 'TLS1_ECDHE_RSA_AES_256_SHA': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014); 'TLS1_RSA_AES_128_GCM_SHA256': TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C); 'TLS1_RSA_AES_256_GCM_SHA384': TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D); 'TLS1_ECDHE_RSA_AES_256_SHA384': TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028); 'TLS1_ECDHE_ECDSA_AES_256_SHA384': TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xC024); 'TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA8); 'TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256': TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCA9); 'TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256': TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCCAA); **Type:** string **Supported Values:** SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA384, TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256, TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256, TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256 **Mutual Exclusion:** cipher-wo-prio, template-cipher, and shared-partition-cipher-template are mutually exclusive .. _2960_starts-with-list: starts-with-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **starts-with** **Description** Forward proxy bypass if SNI string starts with another string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters