config ztna web-proxy
Configure ZTNA web-proxy.
config ztna web-proxy
Description: Configure ZTNA web-proxy.
edit <name>
config api-gateway
Description: Set IPv4 API Gateway.
edit <id>
set h2-support [enable|disable]
set h3-support [enable|disable]
set http-cookie-age {integer}
set http-cookie-domain {string}
set http-cookie-domain-from-host [disable|enable]
set http-cookie-generation {integer}
set http-cookie-path {string}
set http-cookie-share [disable|same-ip]
set https-cookie-secure [disable|enable]
set ldb-method [static|round-robin|...]
set persistence [none|http-cookie]
config quic
Description: QUIC setting.
set ack-delay-exponent {integer}
set active-connection-id-limit {integer}
set active-migration [enable|disable]
set grease-quic-bit [enable|disable]
set max-ack-delay {integer}
set max-datagram-frame-size {integer}
set max-idle-timeout {integer}
set max-udp-payload-size {integer}
end
config realservers
Description: Select the real servers that this Access Proxy will distribute traffic to.
edit <id>
set addr-type [ip|fqdn]
set address {string}
set health-check [disable|enable]
set health-check-proto [ping|http|...]
set holddown-interval [enable|disable]
set http-host {string}
set ip {ipv4-address-any}
set port {integer}
set status [active|standby|...]
set translate-host [enable|disable]
set weight {integer}
next
end
set service [http|https]
set ssl-algorithm [high|medium|...]
config ssl-cipher-suites
Description: SSL/TLS cipher suites to offer to a server, ordered by priority.
edit <priority>
set cipher [TLS-AES-128-GCM-SHA256|TLS-AES-256-GCM-SHA384|...]
set versions {option1}, {option2}, ...
next
end
set ssl-dh-bits [768|1024|...]
set ssl-max-version [tls-1.0|tls-1.1|...]
set ssl-min-version [tls-1.0|tls-1.1|...]
set ssl-renegotiation [enable|disable]
set url-map {string}
set url-map-type [sub-string|wildcard|...]
next
end
config api-gateway6
Description: Set IPv6 API Gateway.
edit <id>
set h2-support [enable|disable]
set h3-support [enable|disable]
set http-cookie-age {integer}
set http-cookie-domain {string}
set http-cookie-domain-from-host [disable|enable]
set http-cookie-generation {integer}
set http-cookie-path {string}
set http-cookie-share [disable|same-ip]
set https-cookie-secure [disable|enable]
set ldb-method [static|round-robin|...]
set persistence [none|http-cookie]
config quic
Description: QUIC setting.
set ack-delay-exponent {integer}
set active-connection-id-limit {integer}
set active-migration [enable|disable]
set grease-quic-bit [enable|disable]
set max-ack-delay {integer}
set max-datagram-frame-size {integer}
set max-idle-timeout {integer}
set max-udp-payload-size {integer}
end
config realservers
Description: Select the real servers that this Access Proxy will distribute traffic to.
edit <id>
set addr-type [ip|fqdn]
set address {string}
set health-check [disable|enable]
set health-check-proto [ping|http|...]
set holddown-interval [enable|disable]
set http-host {string}
set ip {ipv6-address}
set port {integer}
set status [active|standby|...]
set translate-host [enable|disable]
set weight {integer}
next
end
set service [http|https]
set ssl-algorithm [high|medium|...]
config ssl-cipher-suites
Description: SSL/TLS cipher suites to offer to a server, ordered by priority.
edit <priority>
set cipher [TLS-AES-128-GCM-SHA256|TLS-AES-256-GCM-SHA384|...]
set versions {option1}, {option2}, ...
next
end
set ssl-dh-bits [768|1024|...]
set ssl-max-version [tls-1.0|tls-1.1|...]
set ssl-min-version [tls-1.0|tls-1.1|...]
set ssl-renegotiation [enable|disable]
set url-map {string}
set url-map-type [sub-string|wildcard|...]
next
end
set auth-portal [disable|enable]
set auth-virtual-host {string}
set decrypted-traffic-mirror {string}
set host {string}
set log-blocked-traffic [disable|enable]
set svr-pool-multiplex [enable|disable]
set svr-pool-server-max-concurrent-request {integer}
set svr-pool-server-max-request {integer}
set svr-pool-ttl {integer}
set vip {string}
set vip6 {string}
next
end
config ztna web-proxy
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
auth-portal |
Enable/disable authentication portal. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
auth-virtual-host |
Virtual host for authentication portal. |
string |
Maximum length: 79 |
|
||||||
|
decrypted-traffic-mirror |
Decrypted traffic mirror. |
string |
Maximum length: 35 |
|
||||||
|
host |
Virtual or real host name. |
string |
Maximum length: 79 |
|
||||||
|
log-blocked-traffic |
Enable/disable logging of blocked traffic. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
name |
ZTNA proxy name. |
string |
Maximum length: 79 |
|
||||||
|
svr-pool-multiplex |
Enable/disable server pool multiplexing. Share connected server in HTTP and HTTPS api-gateways. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
svr-pool-server-max-concurrent-request |
Maximum number of concurrent requests that servers in the server pool could handle. |
integer |
Minimum value: 0 Maximum value: 2147483647 |
0 |
||||||
|
svr-pool-server-max-request |
Maximum number of requests that servers in the server pool handle before disconnecting. |
integer |
Minimum value: 0 Maximum value: 2147483647 |
0 |
||||||
|
svr-pool-ttl |
Time-to-live in the server pool for idle connections to servers. |
integer |
Minimum value: 0 Maximum value: 2147483647 |
15 |
||||||
|
vip |
Virtual IP name. |
string |
Maximum length: 79 |
|
||||||
|
vip6 |
Virtual IPv6 name. |
string |
Maximum length: 79 |
|
||||||
config api-gateway
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
h2-support |
HTTP2 support, default=Enable. |
option |
- |
enable |
||||||||||||||
|
|
|
|||||||||||||||||
|
h3-support |
HTTP3/QUIC support, default=Disable. |
option |
- |
disable |
||||||||||||||
|
|
|
|||||||||||||||||
|
http-cookie-age |
Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. |
integer |
Minimum value: 0 Maximum value: 525600 |
60 |
||||||||||||||
|
http-cookie-domain |
Domain that HTTP cookie persistence should apply to. |
string |
Maximum length: 35 |
|
||||||||||||||
|
http-cookie-domain-from-host |
Enable/disable use of HTTP cookie domain from host field in HTTP. |
option |
- |
disable |
||||||||||||||
|
|
|
|||||||||||||||||
|
http-cookie-generation |
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||
|
http-cookie-path |
Limit HTTP cookie persistence to the specified path. |
string |
Maximum length: 35 |
|
||||||||||||||
|
http-cookie-share |
Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. |
option |
- |
same-ip |
||||||||||||||
|
|
|
|||||||||||||||||
|
https-cookie-secure |
Enable/disable verification that inserted HTTPS cookies are secure. |
option |
- |
disable |
||||||||||||||
|
|
|
|||||||||||||||||
|
id |
API Gateway ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||
|
ldb-method |
Method used to distribute sessions to real servers. |
option |
- |
static |
||||||||||||||
|
|
|
|||||||||||||||||
|
persistence |
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. |
option |
- |
none |
||||||||||||||
|
|
|
|||||||||||||||||
|
service |
Service. |
option |
- |
https |
||||||||||||||
|
|
|
|||||||||||||||||
|
ssl-algorithm |
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. |
option |
- |
high |
||||||||||||||
|
|
|
|||||||||||||||||
|
ssl-dh-bits |
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. |
option |
- |
2048 |
||||||||||||||
|
|
|
|||||||||||||||||
|
ssl-max-version |
Highest SSL/TLS version acceptable from a server. |
option |
- |
tls-1.3 ** |
||||||||||||||
|
|
|
|||||||||||||||||
|
ssl-min-version |
Lowest SSL/TLS version acceptable from a server. |
option |
- |
tls-1.1 ** |
||||||||||||||
|
|
|
|||||||||||||||||
|
ssl-renegotiation |
Enable/disable secure renegotiation to comply with RFC 5746. |
option |
- |
enable |
||||||||||||||
|
|
|
|||||||||||||||||
|
url-map |
URL pattern to match. |
string |
Maximum length: 511 |
/ |
||||||||||||||
|
url-map-type |
Type of url-map. |
option |
- |
sub-string |
||||||||||||||
|
|
|
|||||||||||||||||
** Values may differ between models.
config quic
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
ack-delay-exponent |
ACK delay exponent. |
integer |
Minimum value: 1 Maximum value: 20 |
3 |
||||||
|
active-connection-id-limit |
Active connection ID limit. |
integer |
Minimum value: 1 Maximum value: 8 |
2 |
||||||
|
active-migration |
Enable/disable active migration. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
grease-quic-bit |
Enable/disable grease QUIC bit. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
max-ack-delay |
Maximum ACK delay in milliseconds. |
integer |
Minimum value: 1 Maximum value: 16383 |
25 |
||||||
|
max-datagram-frame-size |
Maximum datagram frame size in bytes. |
integer |
Minimum value: 1 Maximum value: 1500 |
1500 |
||||||
|
max-idle-timeout |
Maximum idle timeout milliseconds. |
integer |
Minimum value: 1 Maximum value: 60000 |
30000 |
||||||
|
max-udp-payload-size |
Maximum UDP payload size in bytes. |
integer |
Minimum value: 1200 Maximum value: 1500 |
1500 |
||||||
config realservers
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
addr-type |
Type of address. |
option |
- |
ip |
||||||||
|
|
|
|||||||||||
|
address |
Address or address group of the real server. |
string |
Maximum length: 79 |
|
||||||||
|
health-check |
Enable to check the responsiveness of the real server before forwarding traffic. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
health-check-proto |
Protocol of the health check monitor to use when polling to determine server's connectivity status. |
option |
- |
ping |
||||||||
|
|
|
|||||||||||
|
holddown-interval |
Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
http-host |
HTTP server domain name in HTTP header. |
string |
Maximum length: 63 |
|
||||||||
|
id |
Real server ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||
|
ip |
IPv6 address of the real server. |
ipv6-address |
Not Specified |
:: |
||||||||
|
port |
Port for communicating with the real server. |
integer |
Minimum value: 1 Maximum value: 65535 |
443 |
||||||||
|
status |
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. |
option |
- |
active |
||||||||
|
|
|
|||||||||||
|
translate-host |
Enable/disable translation of hostname/IP from virtual server to real server. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
weight |
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. |
integer |
Minimum value: 1 Maximum value: 255 |
1 |
||||||||
config ssl-cipher-suites
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
cipher |
Cipher suite name. |
option |
- |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
priority |
SSL/TLS cipher suites priority. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
versions |
SSL/TLS versions that the cipher suite can be used with. |
option |
- |
tls-1.0 tls-1.1 tls-1.2 tls-1.3 ** |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
** Values may differ between models.
config api-gateway6
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
h2-support |
HTTP2 support, default=Enable. |
option |
- |
enable |
||||||||||||||
|
|
|
|||||||||||||||||
|
h3-support |
HTTP3/QUIC support, default=Disable. |
option |
- |
disable |
||||||||||||||
|
|
|
|||||||||||||||||
|
http-cookie-age |
Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. |
integer |
Minimum value: 0 Maximum value: 525600 |
60 |
||||||||||||||
|
http-cookie-domain |
Domain that HTTP cookie persistence should apply to. |
string |
Maximum length: 35 |
|
||||||||||||||
|
http-cookie-domain-from-host |
Enable/disable use of HTTP cookie domain from host field in HTTP. |
option |
- |
disable |
||||||||||||||
|
|
|
|||||||||||||||||
|
http-cookie-generation |
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||
|
http-cookie-path |
Limit HTTP cookie persistence to the specified path. |
string |
Maximum length: 35 |
|
||||||||||||||
|
http-cookie-share |
Control sharing of cookies across API Gateway. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. |
option |
- |
same-ip |
||||||||||||||
|
|
|
|||||||||||||||||
|
https-cookie-secure |
Enable/disable verification that inserted HTTPS cookies are secure. |
option |
- |
disable |
||||||||||||||
|
|
|
|||||||||||||||||
|
id |
API Gateway ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||
|
ldb-method |
Method used to distribute sessions to real servers. |
option |
- |
static |
||||||||||||||
|
|
|
|||||||||||||||||
|
persistence |
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. |
option |
- |
none |
||||||||||||||
|
|
|
|||||||||||||||||
|
service |
Service. |
option |
- |
https |
||||||||||||||
|
|
|
|||||||||||||||||
|
ssl-algorithm |
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. |
option |
- |
high |
||||||||||||||
|
|
|
|||||||||||||||||
|
ssl-dh-bits |
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. |
option |
- |
2048 |
||||||||||||||
|
|
|
|||||||||||||||||
|
ssl-max-version |
Highest SSL/TLS version acceptable from a server. |
option |
- |
tls-1.3 ** |
||||||||||||||
|
|
|
|||||||||||||||||
|
ssl-min-version |
Lowest SSL/TLS version acceptable from a server. |
option |
- |
tls-1.1 ** |
||||||||||||||
|
|
|
|||||||||||||||||
|
ssl-renegotiation |
Enable/disable secure renegotiation to comply with RFC 5746. |
option |
- |
enable |
||||||||||||||
|
|
|
|||||||||||||||||
|
url-map |
URL pattern to match. |
string |
Maximum length: 511 |
/ |
||||||||||||||
|
url-map-type |
Type of url-map. |
option |
- |
sub-string |
||||||||||||||
|
|
|
|||||||||||||||||
** Values may differ between models.
config quic
|
Parameter |
Description |
Type |
Size |
Default |
|---|---|---|---|---|
|
ack-delay-exponent |
ACK delay exponent. |
integer |
Minimum value: 1 Maximum value: 20 |
3 |
|
active-connection-id-limit |
Active connection ID limit. |
integer |
Minimum value: 1 Maximum value: 8 |
2 |
|
active-migration |
Enable/disable active migration. |
option |
- |
disable |
|
grease-quic-bit |
Enable/disable grease QUIC bit. |
option |
- |
enable |
|
max-ack-delay |
Maximum ACK delay in milliseconds. |
integer |
Minimum value: 1 Maximum value: 16383 |
25 |
|
max-datagram-frame-size |
Maximum datagram frame size in bytes. |
integer |
Minimum value: 1 Maximum value: 1500 |
1500 |
|
max-idle-timeout |
Maximum idle timeout milliseconds. |
integer |
Minimum value: 1 Maximum value: 60000 |
30000 |
|
max-udp-payload-size |
Maximum UDP payload size in bytes. |
integer |
Minimum value: 1200 Maximum value: 1500 |
1500 |
config realservers
|
Parameter |
Description |
Type |
Size |
Default |
|---|---|---|---|---|
|
addr-type |
Type of address. |
option |
- |
ip |
|
address |
Address or address group of the real server. |
string |
Maximum length: 79 |
|
|
health-check |
Enable to check the responsiveness of the real server before forwarding traffic. |
option |
- |
disable |
|
health-check-proto |
Protocol of the health check monitor to use when polling to determine server's connectivity status. |
option |
- |
ping |
|
holddown-interval |
Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). |
option |
- |
enable |
|
http-host |
HTTP server domain name in HTTP header. |
string |
Maximum length: 63 |
|
|
id |
Real server ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
|
ip |
IPv6 address of the real server. |
ipv6-address |
Not Specified |
:: |
|
port |
Port for communicating with the real server. |
integer |
Minimum value: 1 Maximum value: 65535 |
443 |
|
status |
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. |
option |
- |
active |
|
translate-host |
Enable/disable translation of hostname/IP from virtual server to real server. |
option |
- |
enable |
|
weight |
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. |
integer |
Minimum value: 1 Maximum value: 255 |
1 |
config ssl-cipher-suites
|
Parameter |
Description |
Type |
Size |
Default |
|---|---|---|---|---|
|
cipher |
Cipher suite name. |
option |
- |
|
|
priority |
SSL/TLS cipher suites priority. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
|
versions |
SSL/TLS versions that the cipher suite can be used with. |
option |
- |
tls-1.0 tls-1.1 tls-1.2 tls-1.3 ** |
** Values may differ between models.