config web-proxy global
Configure Web proxy global settings.
config web-proxy global
Description: Configure Web proxy global settings.
set ssl-cert {string}
set ssl-ca-cert {string}
set fast-policy-match [enable|disable]
set ldap-user-cache [enable|disable]
set use-dynamic-pkey [enable|disable]
set proxy-fqdn {string}
set max-request-length {integer}
set max-message-length {integer}
set strict-web-check [enable|disable]
set forward-proxy-auth [enable|disable]
set forward-server-affinity-timeout {integer}
set webproxy-profile {string}
set learn-client-ip [enable|disable]
set learn-client-ip-from-header {option1}, {option2}, ...
set learn-client-ip-srcaddr <name1>, <name2>, ...
set learn-client-ip-srcaddr6 <name1>, <name2>, ...
set src-affinity-exempt-addr {ipv4-address-any}
set src-affinity-exempt-addr6 {ipv6-address}
set strict-guest [enable|disable]
set https-replacement-message [enable|disable]
set message-upon-server-error [enable|disable]
set trace-auth-no-rsp [enable|disable]
set policy-category-deep-inspect [enable|disable]
set log-policy-pending [enable|disable]
set extended-log [enable|disable]
set log-http-transaction [all|utm|...]
set explicit-outgoing-ip {ipv4-address-any}
set explicit-outgoing-ip6 {ipv6-address}
set realm {string}
end
config web-proxy global
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
ssl-cert |
SSL certificate for SSL interception. |
string |
Maximum length: 35 |
default-server-cert |
||||||||
|
ssl-ca-cert |
SSL CA certificate for SSL interception. |
string |
Maximum length: 35 |
default-ca |
||||||||
|
fast-policy-match |
Enable/disable fast matching algorithm for explicit and transparent proxy policy. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
ldap-user-cache |
Enable/disable ldap user cache for explicit and transparent proxy user. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
use-dynamic-pkey |
Enable/disable use dynamic private key in the resigned cert. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
proxy-fqdn |
Fully Qualified Domain Name to connect to the explicit web proxy. |
string |
Maximum length: 255 |
default.fqdn |
||||||||
|
max-request-length |
Maximum length of HTTP request line. |
integer |
Minimum value: 2 Maximum value: 64 |
8 |
||||||||
|
max-message-length |
Maximum length of HTTP message, not including body. |
integer |
Minimum value: 16 Maximum value: 256 |
32 |
||||||||
|
strict-web-check |
Enable/disable strict web checking to block web sites that send incorrect headers that don't conform to HTTP 1.1. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
forward-proxy-auth |
Enable/disable forwarding proxy authentication headers. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
forward-server-affinity-timeout |
Period of time before the source IP's traffic is no longer assigned to the forwarding server. |
integer |
Minimum value: 6 Maximum value: 60 |
30 |
||||||||
|
webproxy-profile |
Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. |
string |
Maximum length: 63 |
|
||||||||
|
learn-client-ip |
Enable/disable learning the client's IP address from headers. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
learn-client-ip-from-header |
Learn client IP address from the specified headers. |
option |
- |
|
||||||||
|
|
|
|||||||||||
|
learn-client-ip-srcaddr |
Source address name (srcaddr or srcaddr6 must be set). Address name. |
string |
Maximum length: 79 |
|
||||||||
|
learn-client-ip-srcaddr6 |
IPv6 Source address name (srcaddr or srcaddr6 must be set). Address name. |
string |
Maximum length: 79 |
|
||||||||
|
src-affinity-exempt-addr |
IPv4 source addresses to exempt proxy affinity. |
ipv4-address-any |
Not Specified |
|
||||||||
|
src-affinity-exempt-addr6 |
IPv6 source addresses to exempt proxy affinity. |
ipv6-address |
Not Specified |
|
||||||||
|
strict-guest |
Enable/disable strict guest user checking by the explicit web proxy. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
https-replacement-message |
Default action to enable or disable return replacement message for HTTPS requests. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
message-upon-server-error |
Enable/disable return of replacement message upon server error detection. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
trace-auth-no-rsp |
Enable/disable logging timed-out authentication requests. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
policy-category-deep-inspect |
Enable/disable deep inspection for application level category policy matching. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
log-policy-pending |
Enable/disable logging sessions that are pending on policy matching. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
extended-log |
Enable/disable extended log of http transaction for implicit policy. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
log-http-transaction |
Enable/disable http transaction log for implicit policy. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
explicit-outgoing-ip |
Outgoing HTTP requests by explicit webproxy will have this IP address as their source address. An interface must have this IP address. |
ipv4-address-any |
Not Specified |
|
||||||||
|
explicit-outgoing-ip6 |
Outgoing HTTP requests by explicit webproxy will leave this IP. An interface must have this IP address. |
ipv6-address |
Not Specified |
|
||||||||
|
realm |
Authentication realm. |
string |
Maximum length: 63 |
default |
||||||||