config web-proxy explicit
Configure explicit Web proxy settings.
config web-proxy explicit Description: Configure explicit Web proxy settings. set client-cert [disable|enable] set empty-cert-action [accept|block|...] set ftp-incoming-port {user} set ftp-over-http [enable|disable] set http-connection-mode [static|multiplex|...] set http-incoming-port {user} set https-incoming-port {user} set https-replacement-message [enable|disable] set incoming-ip {ipv4-address-any} set incoming-ip6 {ipv6-address} set interface {string} set interface-select-method [sdwan|specify] set ipv6-status [enable|disable] set message-upon-server-error [enable|disable] set outgoing-ip {ipv4-address-any} set outgoing-ip6 {ipv6-address} set pac-file-data {user} set pac-file-name {string} set pac-file-server-port {user} set pac-file-server-status [enable|disable] set pac-file-through-https [enable|disable] set pac-file-url {user} config pac-policy Description: PAC policies. edit <policyid> set comments {var-string} set dstaddr <name1>, <name2>, ... set pac-file-data {user} set pac-file-name {string} set srcaddr <name1>, <name2>, ... set srcaddr6 <name1>, <name2>, ... set status [enable|disable] next end set pref-dns-result [ipv4|ipv6|...] set realm {string} set sec-default-action [accept|deny] set secure-web-proxy [disable|enable|...] set secure-web-proxy-cert <name1>, <name2>, ... set socks [enable|disable] set socks-incoming-port {user} set ssl-algorithm [high|medium|...] set ssl-dh-bits [768|1024|...] set status [enable|disable] set strict-guest [enable|disable] set trace-auth-no-rsp [enable|disable] set unknown-http-version [reject|best-effort] set user-agent-detect [disable|enable] set vrf-select {integer} end
config web-proxy explicit
Parameter |
Description |
Type |
Size |
Default |
||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
client-cert |
Enable/disable to request client certificate. |
option |
- |
disable |
||||||||||
|
|
|||||||||||||
empty-cert-action |
Action of an empty client certificate. |
option |
- |
block |
||||||||||
|
|
|||||||||||||
ftp-incoming-port |
Accept incoming FTP-over-HTTP requests on one or more ports. |
user |
Not Specified |
|
||||||||||
ftp-over-http |
Enable to proxy FTP-over-HTTP sessions sent from a web browser. |
option |
- |
disable |
||||||||||
|
|
|||||||||||||
http-connection-mode |
HTTP connection mode. |
option |
- |
static |
||||||||||
|
|
|||||||||||||
http-incoming-port |
Accept incoming HTTP requests on one or more ports. |
user |
Not Specified |
|
||||||||||
https-incoming-port |
Accept incoming HTTPS requests on one or more ports. |
user |
Not Specified |
|
||||||||||
https-replacement-message |
Enable/disable sending the client a replacement message for HTTPS requests. |
option |
- |
enable |
||||||||||
|
|
|||||||||||||
incoming-ip |
Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. |
ipv4-address-any |
Not Specified |
0.0.0.0 |
||||||||||
incoming-ip6 |
Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. |
ipv6-address |
Not Specified |
:: |
||||||||||
interface |
Specify outgoing interface to reach server. |
string |
Maximum length: 15 |
|
||||||||||
interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
sdwan |
||||||||||
|
|
|||||||||||||
ipv6-status |
Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. |
option |
- |
disable |
||||||||||
|
|
|||||||||||||
message-upon-server-error |
Enable/disable displaying a replacement message when a server error is detected. |
option |
- |
enable |
||||||||||
|
|
|||||||||||||
outgoing-ip |
Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. |
ipv4-address-any |
Not Specified |
|
||||||||||
outgoing-ip6 |
Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. |
ipv6-address |
Not Specified |
|
||||||||||
pac-file-data |
PAC file contents enclosed in quotes (maximum of 256K bytes). |
user |
Not Specified |
|
||||||||||
pac-file-name |
Pac file name. |
string |
Maximum length: 63 |
proxy.pac |
||||||||||
pac-file-server-port |
Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy. |
user |
Not Specified |
|
||||||||||
pac-file-server-status |
Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. |
option |
- |
disable |
||||||||||
|
|
|||||||||||||
pac-file-through-https |
Enable/disable to get Proxy Auto-Configuration (PAC) through HTTPS. |
option |
- |
disable |
||||||||||
|
|
|||||||||||||
pac-file-url |
PAC file access URL. Read-only. |
user |
Not Specified |
|
||||||||||
pref-dns-result |
Prefer resolving addresses using the configured IPv4 or IPv6 DNS server. |
option |
- |
ipv4 |
||||||||||
|
|
|||||||||||||
realm |
Authentication realm used to identify the explicit web proxy (maximum of 63 characters). |
string |
Maximum length: 63 |
default |
||||||||||
sec-default-action |
Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. |
option |
- |
deny |
||||||||||
|
|
|||||||||||||
secure-web-proxy |
Enable/disable/require the secure web proxy for HTTP and HTTPS session. |
option |
- |
disable |
||||||||||
|
|
|||||||||||||
secure-web-proxy-cert |
Name of certificates for secure web proxy. Certificate list. |
string |
Maximum length: 79 |
|
||||||||||
socks |
Enable/disable the SOCKS proxy. |
option |
- |
disable |
||||||||||
|
|
|||||||||||||
socks-incoming-port |
Accept incoming SOCKS proxy requests on one or more ports. |
user |
Not Specified |
|
||||||||||
ssl-algorithm |
Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low. |
option |
- |
low |
||||||||||
|
|
|||||||||||||
ssl-dh-bits |
Bit-size of Diffie-Hellman. |
option |
- |
2048 |
||||||||||
|
|
|||||||||||||
status |
Enable/disable the explicit Web proxy for HTTP and HTTPS session. |
option |
- |
disable |
||||||||||
|
|
|||||||||||||
strict-guest |
Enable/disable strict guest user checking by the explicit web proxy. |
option |
- |
disable |
||||||||||
|
|
|||||||||||||
trace-auth-no-rsp |
Enable/disable logging timed-out authentication requests. |
option |
- |
disable |
||||||||||
|
|
|||||||||||||
unknown-http-version |
How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. |
option |
- |
reject |
||||||||||
|
|
|||||||||||||
user-agent-detect |
Enable/disable to detect device type by HTTP user-agent if no client certificate provided. |
option |
- |
enable |
||||||||||
|
|
|||||||||||||
vrf-select |
VRF ID used for connection to server. |
integer |
Minimum value: 0 Maximum value: 511 |
-1 |
config pac-policy
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
comments |
Optional comments. |
var-string |
Maximum length: 1023 |
|
||||||
dstaddr |
Destination address objects. Address name. |
string |
Maximum length: 79 |
|
||||||
pac-file-data |
PAC file contents enclosed in quotes (maximum of 256K bytes). |
user |
Not Specified |
|
||||||
pac-file-name |
Pac file name. |
string |
Maximum length: 63 |
proxy.pac |
||||||
policyid |
Policy ID. |
integer |
Minimum value: 1 Maximum value: 100 |
0 |
||||||
srcaddr |
Source address objects. Address name. |
string |
Maximum length: 79 |
|
||||||
srcaddr6 |
Source address6 objects. Address name. |
string |
Maximum length: 79 |
|
||||||
status |
Enable/disable policy. |
option |
- |
enable |
||||||
|
|