config web-proxy global
Configure Web proxy global settings.
config web-proxy global Description: Configure Web proxy global settings. set ssl-cert {string} set ssl-ca-cert {string} set fast-policy-match [enable|disable] set ldap-user-cache [enable|disable] set use-dynamic-pkey [enable|disable] set proxy-fqdn {string} set max-request-length {integer} set max-message-length {integer} set strict-web-check [enable|disable] set forward-proxy-auth [enable|disable] set forward-server-affinity-timeout {integer} set webproxy-profile {string} set learn-client-ip [disable|traffic-process|...] set always-learn-client-ip [enable|disable] set learn-client-ip-from-header {option1}, {option2}, ... set learn-client-ip-srcaddr <name1>, <name2>, ... set learn-client-ip-srcaddr6 <name1>, <name2>, ... set src-affinity-exempt-addr {ipv4-address-any} set src-affinity-exempt-addr6 {ipv6-address} set strict-guest [enable|disable] set https-replacement-message [enable|disable] set message-upon-server-error [enable|disable] set trace-auth-no-rsp [enable|disable] set policy-category-deep-inspect [enable|disable] set log-policy-pending [enable|disable] set log-forward-server [enable|disable] set extended-log [enable|disable] set log-http-transaction [disable|enable] set log-app-id [enable|disable] set proxy-transparent-cert-inspection [enable|disable] set explicit-outgoing-ip {ipv4-address-any} set explicit-outgoing-ip6 {ipv6-address} set realm {string} end
config web-proxy global
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
ssl-cert |
SSL certificate for SSL interception. |
string |
Maximum length: 35 |
default-server-cert |
||||||||
ssl-ca-cert |
SSL CA certificate for SSL interception. |
string |
Maximum length: 35 |
default-ca |
||||||||
fast-policy-match |
Enable/disable fast matching algorithm for explicit and transparent proxy policy. |
option |
- |
enable |
||||||||
|
|
|||||||||||
ldap-user-cache |
Enable/disable ldap user cache for explicit and transparent proxy user. |
option |
- |
enable |
||||||||
|
|
|||||||||||
use-dynamic-pkey |
Enable/disable use dynamic private key in the resigned cert. |
option |
- |
disable |
||||||||
|
|
|||||||||||
proxy-fqdn |
Fully Qualified Domain Name to connect to the explicit web proxy. |
string |
Maximum length: 255 |
default.fqdn |
||||||||
max-request-length |
Maximum length of HTTP request line. |
integer |
Minimum value: 2 Maximum value: 64 |
8 |
||||||||
max-message-length |
Maximum length of HTTP message, not including body. |
integer |
Minimum value: 16 Maximum value: 256 |
32 |
||||||||
strict-web-check |
Enable/disable strict web checking to block web sites that send incorrect headers that don't conform to HTTP 1.1. |
option |
- |
disable |
||||||||
|
|
|||||||||||
forward-proxy-auth |
Enable/disable forwarding proxy authentication headers. |
option |
- |
disable |
||||||||
|
|
|||||||||||
forward-server-affinity-timeout |
Period of time before the source IP's traffic is no longer assigned to the forwarding server. |
integer |
Minimum value: 6 Maximum value: 60 |
30 |
||||||||
webproxy-profile |
Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. |
string |
Maximum length: 63 |
|
||||||||
learn-client-ip |
Learn the client's IP address from headers. |
option |
- |
disable |
||||||||
|
|
|||||||||||
always-learn-client-ip |
Enable/disable learning the client's IP address from headers for every request. |
option |
- |
disable |
||||||||
|
|
|||||||||||
learn-client-ip-from-header |
Learn client IP address from the specified headers. |
option |
- |
|
||||||||
|
|
|||||||||||
learn-client-ip-srcaddr |
Source address name (srcaddr or srcaddr6 must be set). Address name. |
string |
Maximum length: 79 |
|
||||||||
learn-client-ip-srcaddr6 |
IPv6 Source address name (srcaddr or srcaddr6 must be set). Address name. |
string |
Maximum length: 79 |
|
||||||||
src-affinity-exempt-addr |
IPv4 source addresses to exempt proxy affinity. |
ipv4-address-any |
Not Specified |
|
||||||||
src-affinity-exempt-addr6 |
IPv6 source addresses to exempt proxy affinity. |
ipv6-address |
Not Specified |
|
||||||||
strict-guest |
Enable/disable strict guest user checking by the explicit web proxy. |
option |
- |
disable |
||||||||
|
|
|||||||||||
https-replacement-message |
Default action to enable or disable return replacement message for HTTPS requests. |
option |
- |
enable |
||||||||
|
|
|||||||||||
message-upon-server-error |
Enable/disable return of replacement message upon server error detection. |
option |
- |
enable |
||||||||
|
|
|||||||||||
trace-auth-no-rsp |
Enable/disable logging timed-out authentication requests. |
option |
- |
disable |
||||||||
|
|
|||||||||||
policy-category-deep-inspect |
Enable/disable deep inspection for application level category policy matching. |
option |
- |
enable |
||||||||
|
|
|||||||||||
log-policy-pending |
Enable/disable logging sessions that are pending on policy matching. |
option |
- |
disable |
||||||||
|
|
|||||||||||
log-forward-server |
Enable/disable forward server name logging in forward traffic log. |
option |
- |
disable |
||||||||
|
|
|||||||||||
extended-log |
Enable/disable extended log of http transaction for implicit policy. |
option |
- |
disable |
||||||||
|
|
|||||||||||
log-http-transaction |
Enable/disable http transaction log for implicit policy. |
option |
- |
disable |
||||||||
|
|
|||||||||||
log-app-id |
Enable/disable always log application type in traffic log. |
option |
- |
disable |
||||||||
|
|
|||||||||||
proxy-transparent-cert-inspection |
Enable/disable transparent proxy certificate inspection. |
option |
- |
disable |
||||||||
|
|
|||||||||||
explicit-outgoing-ip |
Outgoing HTTP requests by explicit webproxy will have this IP address as their source address. An interface must have this IP address. |
ipv4-address-any |
Not Specified |
|
||||||||
explicit-outgoing-ip6 |
Outgoing HTTP requests by explicit webproxy will leave this IP. An interface must have this IP address. |
ipv6-address |
Not Specified |
|
||||||||
realm |
Authentication realm. |
string |
Maximum length: 63 |
default |