config firewall vip6
Configure virtual IP for IPv6.
config firewall vip6
Description: Configure virtual IP for IPv6.
edit <name>
set add-nat64-route [disable|enable]
set client-cert [disable|enable]
set color {integer}
set comment {var-string}
set embedded-ipv4-address [disable|enable]
set empty-cert-action [accept|block|...]
set extip {user}
set extport {user}
set h2-support [enable|disable]
set h3-support [enable|disable]
set http-cookie-age {integer}
set http-cookie-domain {string}
set http-cookie-domain-from-host [disable|enable]
set http-cookie-generation {integer}
set http-cookie-path {string}
set http-cookie-share [disable|same-ip]
set http-ip-header [enable|disable]
set http-ip-header-name {string}
set http-multiplex [enable|disable]
set http-redirect [enable|disable]
set https-cookie-secure [disable|enable]
set id {integer}
set ipv4-mappedip {user}
set ipv4-mappedport {user}
set ldb-method [static|round-robin|...]
set mappedip {user}
set mappedport {user}
set max-embryonic-connections {integer}
set monitor <name1>, <name2>, ...
set nat-source-vip [disable|enable]
set nat64 [disable|enable]
set nat66 [disable|enable]
set ndp-reply [disable|enable]
set outlook-web-access [disable|enable]
set persistence [none|http-cookie|...]
set portforward [disable|enable]
set protocol [tcp|udp|...]
config quic
Description: QUIC setting.
set ack-delay-exponent {integer}
set active-connection-id-limit {integer}
set active-migration [enable|disable]
set grease-quic-bit [enable|disable]
set max-ack-delay {integer}
set max-datagram-frame-size {integer}
set max-idle-timeout {integer}
set max-udp-payload-size {integer}
end
config realservers
Description: Select the real servers that this server load balancing VIP will distribute traffic to.
edit <id>
set client-ip {user}
set healthcheck [disable|enable|...]
set holddown-interval {integer}
set http-host {string}
set ip {user}
set max-connections {integer}
set monitor <name1>, <name2>, ...
set port {integer}
set status [active|standby|...]
set translate-host [enable|disable]
set verify-cert [enable|disable]
set weight {integer}
next
end
set server-type [http|https|...]
set src-filter <range1>, <range2>, ...
set src-vip-filter [disable|enable]
set ssl-accept-ffdhe-groups [enable|disable]
set ssl-algorithm [high|medium|...]
set ssl-certificate <name1>, <name2>, ...
config ssl-cipher-suites
Description: SSL/TLS cipher suites acceptable from a client, ordered by priority.
edit <priority>
set cipher [TLS-AES-128-GCM-SHA256|TLS-AES-256-GCM-SHA384|...]
set versions {option1}, {option2}, ...
next
end
set ssl-client-fallback [disable|enable]
set ssl-client-rekey-count {integer}
set ssl-client-renegotiation [allow|deny|...]
set ssl-client-session-state-max {integer}
set ssl-client-session-state-timeout {integer}
set ssl-client-session-state-type [disable|time|...]
set ssl-dh-bits [768|1024|...]
set ssl-hpkp [disable|enable|...]
set ssl-hpkp-age {integer}
set ssl-hpkp-backup {string}
set ssl-hpkp-include-subdomains [disable|enable]
set ssl-hpkp-primary {string}
set ssl-hpkp-report-uri {var-string}
set ssl-hsts [disable|enable]
set ssl-hsts-age {integer}
set ssl-hsts-include-subdomains [disable|enable]
set ssl-http-location-conversion [enable|disable]
set ssl-http-match-host [enable|disable]
set ssl-max-version [ssl-3.0|tls-1.0|...]
set ssl-min-version [ssl-3.0|tls-1.0|...]
set ssl-mode [half|full]
set ssl-pfs [require|deny|...]
set ssl-send-empty-frags [enable|disable]
set ssl-server-algorithm [high|medium|...]
config ssl-server-cipher-suites
Description: SSL/TLS cipher suites to offer to a server, ordered by priority.
edit <priority>
set cipher [TLS-AES-128-GCM-SHA256|TLS-AES-256-GCM-SHA384|...]
set versions {option1}, {option2}, ...
next
end
set ssl-server-max-version [ssl-3.0|tls-1.0|...]
set ssl-server-min-version [ssl-3.0|tls-1.0|...]
set ssl-server-renegotiation [enable|disable]
set ssl-server-session-state-max {integer}
set ssl-server-session-state-timeout {integer}
set ssl-server-session-state-type [disable|time|...]
set type [static-nat|server-load-balance|...]
set user-agent-detect [disable|enable]
set uuid {uuid}
set weblogic-server [disable|enable]
set websphere-server [disable|enable]
next
end
config firewall vip6
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
add-nat64-route |
Enable/disable adding NAT64 route. |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
client-cert |
Enable/disable requesting client certificate. |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
color |
Color of icon on the GUI. |
integer |
Minimum value: 0 Maximum value: 32 |
0 |
||||||||||||||||||||
|
comment |
Comment. |
var-string |
Maximum length: 255 |
|
||||||||||||||||||||
|
embedded-ipv4-address |
Enable/disable use of the lower 32 bits of the external IPv6 address as mapped IPv4 address. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
empty-cert-action |
Action for an empty client certificate. |
option |
- |
block |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
extip |
IPv6 address or address range on the external interface that you want to map to an address or address range on the destination network. |
user |
Not Specified |
|
||||||||||||||||||||
|
extport |
Incoming port number range that you want to map to a port number range on the destination network. |
user |
Not Specified |
|
||||||||||||||||||||
|
h2-support |
Enable/disable HTTP2 support (default = enable). |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
h3-support |
Enable/disable HTTP3/QUIC support (default = disable). |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
http-cookie-age |
Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit. |
integer |
Minimum value: 0 Maximum value: 525600 |
60 |
||||||||||||||||||||
|
http-cookie-domain |
Domain that HTTP cookie persistence should apply to. |
string |
Maximum length: 35 |
|
||||||||||||||||||||
|
http-cookie-domain-from-host |
Enable/disable use of HTTP cookie domain from host field in HTTP. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
http-cookie-generation |
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||||||
|
http-cookie-path |
Limit HTTP cookie persistence to the specified path. |
string |
Maximum length: 35 |
|
||||||||||||||||||||
|
http-cookie-share |
Control sharing of cookies across virtual servers. Use of same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. |
option |
- |
same-ip |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
http-ip-header |
For HTTP multiplexing, enable to add the original client IP address in the X-Forwarded-For HTTP header. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
http-ip-header-name |
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used. |
string |
Maximum length: 35 |
|
||||||||||||||||||||
|
http-multiplex |
Enable/disable HTTP multiplexing. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
http-redirect |
Enable/disable redirection of HTTP to HTTPS. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
https-cookie-secure |
Enable/disable verification that inserted HTTPS cookies are secure. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
id |
Custom defined ID. |
integer |
Minimum value: 0 Maximum value: 65535 |
0 |
||||||||||||||||||||
|
ipv4-mappedip |
Range of mapped IP addresses. Specify the start IP address followed by a space and the end IP address. |
user |
Not Specified |
|
||||||||||||||||||||
|
ipv4-mappedport |
IPv4 port number range on the destination network to which the external port number range is mapped. |
user |
Not Specified |
|
||||||||||||||||||||
|
ldb-method |
Method used to distribute sessions to real servers. |
option |
- |
static |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
mappedip |
Mapped IPv6 address range in the format startIP-endIP. |
user |
Not Specified |
|
||||||||||||||||||||
|
mappedport |
Port number range on the destination network to which the external port number range is mapped. |
user |
Not Specified |
|
||||||||||||||||||||
|
max-embryonic-connections |
Maximum number of incomplete connections. |
integer |
Minimum value: 0 Maximum value: 100000 |
1000 |
||||||||||||||||||||
|
monitor |
Name of the health check monitor to use when polling to determine a virtual server's connectivity status. Health monitor name. |
string |
Maximum length: 79 |
|
||||||||||||||||||||
|
name |
Virtual IPv6 name. |
string |
Maximum length: 79 |
|
||||||||||||||||||||
|
nat-source-vip |
Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
nat64 |
Enable/disable DNAT64. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
nat66 |
Enable/disable DNAT66. |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ndp-reply |
Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
outlook-web-access |
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
persistence |
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. |
option |
- |
none |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
portforward |
Enable port forwarding. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
protocol |
Protocol to use when forwarding packets. |
option |
- |
tcp |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
server-type |
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). |
option |
- |
|
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
src-filter |
Source IPv6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. Source-filter range. |
string |
Maximum length: 79 |
|
||||||||||||||||||||
|
src-vip-filter |
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-accept-ffdhe-groups |
Enable/disable FFDHE cipher suite for SSL key exchange. |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-algorithm |
Permitted encryption algorithms for SSL sessions according to encryption strength. |
option |
- |
high |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-certificate |
Name of the certificate to use for SSL handshake. Certificate list. |
string |
Maximum length: 79 |
|
||||||||||||||||||||
|
ssl-client-fallback |
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-client-rekey-count |
Maximum length of data in MB before triggering a client rekey (0 = disable). |
integer |
Minimum value: 200 Maximum value: 1048576 |
0 |
||||||||||||||||||||
|
ssl-client-renegotiation |
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. |
option |
- |
secure |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-client-session-state-max |
Maximum number of client to FortiGate SSL session states to keep. |
integer |
Minimum value: 1 Maximum value: 10000 |
1000 |
||||||||||||||||||||
|
ssl-client-session-state-timeout |
Number of minutes to keep client to FortiGate SSL session state. |
integer |
Minimum value: 1 Maximum value: 14400 |
30 |
||||||||||||||||||||
|
ssl-client-session-state-type |
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. |
option |
- |
both |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-dh-bits |
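Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. The option list in the syntax above also offers 768 and 1024; finite-field groups that small are considered breakable (see the Logjam research), so keep the default of 2048 or a larger value. |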
option |
- |
2048 |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-hpkp |
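Enable/disable including HPKP header in response. Current major browsers have removed HPKP support and ignore this header, so it should not be relied on as a pinning control. |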
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-hpkp-age |
Number of minutes the web browser should keep HPKP. |
integer |
Minimum value: 60 Maximum value: 157680000 |
5184000 |
||||||||||||||||||||
|
ssl-hpkp-backup |
Certificate to generate backup HPKP pin from. |
string |
Maximum length: 79 |
|
||||||||||||||||||||
|
ssl-hpkp-include-subdomains |
Indicate that HPKP header applies to all subdomains. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-hpkp-primary |
Certificate to generate primary HPKP pin from. |
string |
Maximum length: 79 |
|
||||||||||||||||||||
|
ssl-hpkp-report-uri |
URL to report HPKP violations to. |
var-string |
Maximum length: 255 |
|
||||||||||||||||||||
|
ssl-hsts |
Enable/disable including HSTS header in response. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-hsts-age |
Number of seconds the client should honor the HSTS setting. |
integer |
Minimum value: 60 Maximum value: 157680000 |
5184000 |
||||||||||||||||||||
|
ssl-hsts-include-subdomains |
Indicate that HSTS header applies to all subdomains. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-http-location-conversion |
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-http-match-host |
Enable/disable HTTP host matching for location conversion. |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-max-version |
Highest SSL/TLS version acceptable from a client. |
option |
- |
tls-1.3 |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-min-version |
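Lowest SSL/TLS version acceptable from a client. The default listed here, tls-1.1, is deprecated by RFC 8996 along with TLS 1.0; set tls-1.2 or later unless a legacy client requires otherwise. |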
option |
- |
tls-1.1 |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-mode |
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). |
option |
- |
half |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-pfs |
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. |
option |
- |
require |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-send-empty-frags |
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-server-algorithm |
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. |
option |
- |
client |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-server-max-version |
Highest SSL/TLS version acceptable from a server. Use the client setting by default. |
option |
- |
client |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-server-min-version |
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. |
option |
- |
client |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-server-renegotiation |
Enable/disable secure renegotiation to comply with RFC 5746. |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
ssl-server-session-state-max |
Maximum number of FortiGate to Server SSL session states to keep. |
integer |
Minimum value: 1 Maximum value: 10000 |
100 |
||||||||||||||||||||
|
ssl-server-session-state-timeout |
Number of minutes to keep FortiGate to Server SSL session state. |
integer |
Minimum value: 1 Maximum value: 14400 |
60 |
||||||||||||||||||||
|
ssl-server-session-state-type |
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. |
option |
- |
both |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
type |
Configure a static NAT, server load balance VIP, or access proxy. |
option |
- |
static-nat |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
user-agent-detect |
Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. |
option |
- |
enable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
uuid |
Universally Unique Identifier (UUID; automatically assigned but can be manually reset). |
uuid |
Not Specified |
00000000-0000-0000-0000-000000000000 |
||||||||||||||||||||
|
weblogic-server |
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
|
websphere-server |
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. |
option |
- |
disable |
||||||||||||||||||||
|
|
|
|||||||||||||||||||||||
config quic
| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| ack-delay-exponent | ACK delay exponent (1 - 20, default = 3). | integer | Minimum value: 1 Maximum value: 20 | 3 |
| active-connection-id-limit | Active connection ID limit (1 - 8, default = 2). | integer | Minimum value: 1 Maximum value: 8 | 2 |
| active-migration | Enable/disable active migration (default = disable). | option | - | disable |
| grease-quic-bit | Enable/disable grease QUIC bit (default = enable). | option | - | enable |
| max-ack-delay | Maximum ACK delay in milliseconds (1 - 16383, default = 25). | integer | Minimum value: 1 Maximum value: 16383 | 25 |
| max-datagram-frame-size | Maximum datagram frame size in bytes (1 - 1500, default = 1500). | integer | Minimum value: 1 Maximum value: 1500 | 1500 |
| max-idle-timeout | Maximum idle timeout in milliseconds (1 - 60000, default = 30000). | integer | Minimum value: 1 Maximum value: 60000 | 30000 |
| max-udp-payload-size | Maximum UDP payload size in bytes (1200 - 1500, default = 1500). | integer | Minimum value: 1200 Maximum value: 1500 | 1500 |
config realservers
| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| client-ip | Only clients in this IP range can connect to this real server. | user | Not Specified | |
| healthcheck | Enable to check the responsiveness of the real server before forwarding traffic. | option | - | vip |
| holddown-interval | Time in seconds that the system waits before re-activating a previously down active server in the active-standby mode. This is to prevent any flapping issues. | integer | Minimum value: 30 Maximum value: 65535 | 300 |
| http-host | HTTP server domain name in HTTP header. | string | Maximum length: 63 | |
| id | Real server ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| ip | IP address of the real server. | user | Not Specified | |
| max-connections | Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers. | integer | Minimum value: 0 Maximum value: 2147483647 | 0 |
| monitor | Name of the health check monitor to use when polling to determine a virtual server's connectivity status. Health monitor name. | string | Maximum length: 79 | |
| port | Port for communicating with the real server. Required if port forwarding is enabled. | integer | Minimum value: 1 Maximum value: 65535 | 0 |
| status | Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. | option | - | active |
| translate-host | Enable/disable translation of hostname/IP from virtual server to real server. | option | - | enable |
| verify-cert | Enable/disable certificate verification of the real server. | option | - | enable |
| weight | Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. | integer | Minimum value: 1 Maximum value: 255 | 1 |
config ssl-cipher-suites
| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| cipher | Cipher suite name. | option | - | |
| priority | SSL/TLS cipher suites priority. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| versions | SSL/TLS versions that the cipher suite can be used with. | option | - | ssl-3.0 tls-1.0 tls-1.1 tls-1.2 tls-1.3 |
config ssl-server-cipher-suites
| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| cipher | Cipher suite name. | option | - | |
| priority | SSL/TLS cipher suites priority. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| versions | SSL/TLS versions that the cipher suite can be used with. | option | - | ssl-3.0 tls-1.0 tls-1.1 tls-1.2 tls-1.3 |