config web-proxy explicit
Description: Configure explicit Web proxy settings.
set status [enable|disable]
set ftp-over-http [enable|disable]
set socks [enable|disable]
set http-incoming-port {user}
set https-incoming-port {user}
set ftp-incoming-port {user}
set socks-incoming-port {user}
set incoming-ip {ipv4-address-any}
set outgoing-ip {ipv4-address-any}
set ipv6-status [enable|disable]
set incoming-ip6 {ipv6-address}
set outgoing-ip6 {ipv6-address}
set strict-guest [enable|disable]
set pref-dns-result [ipv4|ipv6]
set unknown-http-version [reject|tunnel|...]
set realm {string}
set sec-default-action [accept|deny]
set https-replacement-message [enable|disable]
set message-upon-server-error [enable|disable]
set pac-file-server-status [enable|disable]
set pac-file-url {user}
set pac-file-server-port {user}
set pac-file-name {string}
set pac-file-data {user}
config pac-policy
Description: PAC policies.
edit <policyid>
set status [enable|disable]
set srcaddr <name1>, <name2>, ...
set srcaddr6 <name1>, <name2>, ...
set dstaddr <name1>, <name2>, ...
set pac-file-name {string}
set pac-file-data {user}
set comments {var-string}
next
end
set ssl-algorithm [high|medium|...]
set trace-auth-no-rsp [enable|disable]
end
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable the explicit Web proxy for HTTP and HTTPS session. enable: Enable the explicit web proxy. disable: Disable the explicit web proxy. |
option | - |
ftp-over-http | Enable to proxy FTP-over-HTTP sessions sent from a web browser. enable: Enable FTP-over-HTTP sessions. disable: Disable FTP-over-HTTP sessions. |
option | - |
socks | Enable/disable the SOCKS proxy. enable: Enable the SOCKS proxy. disable: Disable the SOCKS proxy. |
option | - |
http-incoming-port | Accept incoming HTTP requests on one or more ports (0 - 65535, default = 8080). | user | Not Specified |
https-incoming-port | Accept incoming HTTPS requests on one or more ports (0 - 65535, default = 0, use the same as HTTP). | user | Not Specified |
ftp-incoming-port | Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535, default = 0; use the same as HTTP). | user | Not Specified |
socks-incoming-port | Accept incoming SOCKS proxy requests on one or more ports (0 - 65535, default = 0; use the same as HTTP). | user | Not Specified |
incoming-ip | Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. | ipv4-address-any | Not Specified |
outgoing-ip | Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. | ipv4-address-any | Not Specified |
ipv6-status | Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. enable: Enable allowing an IPv6 web proxy destination. disable: Disable allowing an IPv6 web proxy destination. |
option | - |
incoming-ip6 | Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. | ipv6-address | Not Specified |
outgoing-ip6 | Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. | ipv6-address | Not Specified |
strict-guest | Enable/disable strict guest user checking by the explicit web proxy. enable: Enable strict guest user checking. disable: Disable strict guest user checking. |
option | - |
pref-dns-result | Prefer resolving addresses using the configured IPv4 or IPv6 DNS server (default = ipv4). ipv4: Prefer the IPv4 DNS server. ipv6: Prefer the IPv6 DNS server. |
option | - |
unknown-http-version | How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. reject: Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1. tunnel: Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied. best-effort: Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost. |
option | - |
realm | Authentication realm used to identify the explicit web proxy (maximum of 63 characters). | string | Maximum length: 63 |
sec-default-action | Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. accept: Accept requests. All explicit web proxy traffic is accepted whether there is an explicit web proxy policy or not. deny: Deny requests unless there is a matching explicit web proxy policy. |
option | - |
https-replacement-message | Enable/disable sending the client a replacement message for HTTPS requests. enable: Display a replacement message for HTTPS requests. disable: Do not display a replacement message for HTTPS requests. |
option | - |
message-upon-server-error | Enable/disable displaying a replacement message when a server error is detected. enable: Display a replacement message when a server error is detected. disable: Do not display a replacement message when a server error is detected. |
option | - |
pac-file-server-status | Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. enable: Enable Proxy Auto-Configuration (PAC). disable: Disable Proxy Auto-Configuration (PAC). |
option | - |
pac-file-url | PAC file access URL. | user | Not Specified |
pac-file-server-port | Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy (0 - 65535, default = 0; use the same as HTTP). | user | Not Specified |
pac-file-name | Pac file name. | string | Maximum length: 63 |
pac-file-data | PAC file contents enclosed in quotes (maximum of 256K bytes). | user | Not Specified |
ssl-algorithm | Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low. high: High encrption. Allow only AES and ChaCha. medium: Medium encryption. Allow AES, ChaCha, 3DES, and RC4. low: Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. |
option | - |
trace-auth-no-rsp | Enable/disable logging timed-out authentication requests. enable: Enable logging timed-out authentication requests. disable: Disable logging timed-out authentication requests. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable policy. enable: Enable policy. disable: Disable policy. |
option | - |
srcaddr <name> |
Source address objects. Address name. |
string | Maximum length: 79 |
srcaddr6 <name> |
Source address6 objects. Address name. |
string | Maximum length: 79 |
dstaddr <name> |
Destination address objects. Address name. |
string | Maximum length: 79 |
pac-file-name | Pac file name. | string | Maximum length: 63 |
pac-file-data | PAC file contents enclosed in quotes (maximum of 256K bytes). | user | Not Specified |
comments | Optional comments. | var-string | Maximum length: 1023 |
config web-proxy explicit
Description: Configure explicit Web proxy settings.
set status [enable|disable]
set ftp-over-http [enable|disable]
set socks [enable|disable]
set http-incoming-port {user}
set https-incoming-port {user}
set ftp-incoming-port {user}
set socks-incoming-port {user}
set incoming-ip {ipv4-address-any}
set outgoing-ip {ipv4-address-any}
set ipv6-status [enable|disable]
set incoming-ip6 {ipv6-address}
set outgoing-ip6 {ipv6-address}
set strict-guest [enable|disable]
set pref-dns-result [ipv4|ipv6]
set unknown-http-version [reject|tunnel|...]
set realm {string}
set sec-default-action [accept|deny]
set https-replacement-message [enable|disable]
set message-upon-server-error [enable|disable]
set pac-file-server-status [enable|disable]
set pac-file-url {user}
set pac-file-server-port {user}
set pac-file-name {string}
set pac-file-data {user}
config pac-policy
Description: PAC policies.
edit <policyid>
set status [enable|disable]
set srcaddr <name1>, <name2>, ...
set srcaddr6 <name1>, <name2>, ...
set dstaddr <name1>, <name2>, ...
set pac-file-name {string}
set pac-file-data {user}
set comments {var-string}
next
end
set ssl-algorithm [high|medium|...]
set trace-auth-no-rsp [enable|disable]
end
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable the explicit Web proxy for HTTP and HTTPS session. enable: Enable the explicit web proxy. disable: Disable the explicit web proxy. |
option | - |
ftp-over-http | Enable to proxy FTP-over-HTTP sessions sent from a web browser. enable: Enable FTP-over-HTTP sessions. disable: Disable FTP-over-HTTP sessions. |
option | - |
socks | Enable/disable the SOCKS proxy. enable: Enable the SOCKS proxy. disable: Disable the SOCKS proxy. |
option | - |
http-incoming-port | Accept incoming HTTP requests on one or more ports (0 - 65535, default = 8080). | user | Not Specified |
https-incoming-port | Accept incoming HTTPS requests on one or more ports (0 - 65535, default = 0, use the same as HTTP). | user | Not Specified |
ftp-incoming-port | Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535, default = 0; use the same as HTTP). | user | Not Specified |
socks-incoming-port | Accept incoming SOCKS proxy requests on one or more ports (0 - 65535, default = 0; use the same as HTTP). | user | Not Specified |
incoming-ip | Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. | ipv4-address-any | Not Specified |
outgoing-ip | Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. | ipv4-address-any | Not Specified |
ipv6-status | Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. enable: Enable allowing an IPv6 web proxy destination. disable: Disable allowing an IPv6 web proxy destination. |
option | - |
incoming-ip6 | Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. | ipv6-address | Not Specified |
outgoing-ip6 | Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. | ipv6-address | Not Specified |
strict-guest | Enable/disable strict guest user checking by the explicit web proxy. enable: Enable strict guest user checking. disable: Disable strict guest user checking. |
option | - |
pref-dns-result | Prefer resolving addresses using the configured IPv4 or IPv6 DNS server (default = ipv4). ipv4: Prefer the IPv4 DNS server. ipv6: Prefer the IPv6 DNS server. |
option | - |
unknown-http-version | How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. reject: Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1. tunnel: Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied. best-effort: Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost. |
option | - |
realm | Authentication realm used to identify the explicit web proxy (maximum of 63 characters). | string | Maximum length: 63 |
sec-default-action | Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. accept: Accept requests. All explicit web proxy traffic is accepted whether there is an explicit web proxy policy or not. deny: Deny requests unless there is a matching explicit web proxy policy. |
option | - |
https-replacement-message | Enable/disable sending the client a replacement message for HTTPS requests. enable: Display a replacement message for HTTPS requests. disable: Do not display a replacement message for HTTPS requests. |
option | - |
message-upon-server-error | Enable/disable displaying a replacement message when a server error is detected. enable: Display a replacement message when a server error is detected. disable: Do not display a replacement message when a server error is detected. |
option | - |
pac-file-server-status | Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. enable: Enable Proxy Auto-Configuration (PAC). disable: Disable Proxy Auto-Configuration (PAC). |
option | - |
pac-file-url | PAC file access URL. | user | Not Specified |
pac-file-server-port | Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy (0 - 65535, default = 0; use the same as HTTP). | user | Not Specified |
pac-file-name | Pac file name. | string | Maximum length: 63 |
pac-file-data | PAC file contents enclosed in quotes (maximum of 256K bytes). | user | Not Specified |
ssl-algorithm | Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low. high: High encrption. Allow only AES and ChaCha. medium: Medium encryption. Allow AES, ChaCha, 3DES, and RC4. low: Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. |
option | - |
trace-auth-no-rsp | Enable/disable logging timed-out authentication requests. enable: Enable logging timed-out authentication requests. disable: Disable logging timed-out authentication requests. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable policy. enable: Enable policy. disable: Disable policy. |
option | - |
srcaddr <name> |
Source address objects. Address name. |
string | Maximum length: 79 |
srcaddr6 <name> |
Source address6 objects. Address name. |
string | Maximum length: 79 |
dstaddr <name> |
Destination address objects. Address name. |
string | Maximum length: 79 |
pac-file-name | Pac file name. | string | Maximum length: 63 |
pac-file-data | PAC file contents enclosed in quotes (maximum of 256K bytes). | user | Not Specified |
comments | Optional comments. | var-string | Maximum length: 1023 |