server-policy setting
Use this command to configure the server policy settings.
Syntax
config server-policy setting
set core-file-count <core-file-count_int>
set enable-core-file {enable | disable}
set enable-session-statistics {enable | disable}
set enable-single-worker {enable | disable}
set hsm {enable | disable}
set no-session-limit {enable | disable}
set no-ssl-encrypt-then-mac {enable | disable}
set offline-session-timeout {seconds_int}
set use-first-ack-mac {enable | disable}
set dpdk {enable | disable}
set high-compatibility-mode {enable | disable}
set graceful-shutdown {enable | disable}
set server-pool-connection-limit-log {enable | disable}
set tls13-early-data-mode {enable | disable}
set record-content-routing-error-log {enable | disable}
set server-invalid-no-reponse {enable | disable}
set using-dns-proxy {enable | disable}
set df-flag {enable | disable}
end
|
core-file-count <core-file-count_int>
|
The maximum core dump file number. The valid values are 3 and 5.
|
No default |
|
enable-core-file {enable | disable}
|
Enable/disable generating the core dump files. |
No default |
|
enable-session-statistics {enable | disable}
|
Enable/disable session statistics for FortiView. |
No default |
|
enable-single-worker {enable | disable}
|
Enable/disable single worker mode. |
No default |
|
hsm {enable | disable}
|
Specifies whether the settings you use to integrate FortiWeb with an HSM (hardware security module) are displayed in the web UI. |
No default |
|
no-session-limit {enable | disable}
|
Enable not to limit the maximum concurrency sessions of FortiWeb-VM.
If this option is disabled, the maximum concurrent sessions for all the policies on a VM is 20,000 (2vCPUs), 50,000 (4vCPUs), or 100,000 (8vCPUs); For each policy, the number is 8,000 (2vCPUs), 15,000 (4vCPUs), or 50,000 (8vCPUs).
|
No default |
|
no-ssl-encrypt-then-mac {enable | disable}
|
Disable to include the encrypt-then-mac extension in the packets sent by the client. |
disable
|
|
use-first-ack-mac {enable | disable}
|
Once enabled, machine learning only observes the source MAC of two ACK packets for a URL at Three-way handshake.
If disabled, machine leaning observes all ACK packets, which continues refreshing MAC, with the performance affected. |
enable
|
|
dpdk {enable | disable}
|
Enable/disable DPDK for packet processing. |
No default |
|
high-compatibility-mode {enable | disable}
|
Enable to accelerate SSL transport. |
disable
|
|
offline-session-timeout {seconds_int}
|
Enter the offline session timeout. The valid range is seconds 30–1200 seconds. |
No default |
|
graceful-shutdown {enable | disable}
|
If disabled, the peer TCP connections are reset during system shutdown. |
enable
|
|
server-pool-connection-limit-log {enable | disable}
|
Enable to send a warning level event log when the connection number of each real server reaches the limitation. |
disable
|
|
tls13-early-data-mode {enable | disable}
|
Enable O-RTT in TLS 1.3. |
disable
|
|
record-content-routing-error-log {enable | disable}
|
Enable to activate the log when HTTP content routing match fails to show whether the mismatching error is raised by FortiWeb device or the real server. |
disable
|
|
server-invalid-no-reponse {enable | disable}
|
Enable this option so that closes the client connection when all the servers in the server pool are unresponsive.
|
disable
|
|
using-dns-proxy {enable | disable}
|
This option is enabled by default. If it is disabled, the system uses getaddrinfo to resolve the domain name.
|
enable
|
|
df-flag {enable | disable}
|
Enable to allow FortiWeb to send non DF-flag packet to pass the device with low MTU.
|
disable
|
Related topics
