CLI Reference

server-policy setting

Use this command to configure the server policy settings.

Syntax

config server-policy setting
  set core-file-count <core-file-count_int>
  set enable-core-file {enable | disable}
  set enable-session-statistics {enable | disable}
  set enable-single-worker {enable | disable}
  set hsm {enable | disable}
  set no-session-limit {enable | disable}
  set no-ssl-encrypt-then-mac {enable | disable}
  set offline-session-timeout {seconds_int}
  set use-first-ack-mac {enable | disable}
  set dpdk {enable | disable}
  set high-compatibility-mode {enable | disable}
  set graceful-shutdown {enable | disable}
  set server-pool-connection-limit-log {enable | disable}
  set tls13-early-data-mode {enable | disable}
  set record-content-routing-error-log {enable | disable}
  set server-invalid-no-reponse {enable | disable}
  set using-dns-proxy {enable | disable}
  set df-flag {enable | disable}
end

Variable Description Default

core-file-count <core-file-count_int>

The maximum number of core dump files. The valid values are 3 and 5.

No default

enable-core-file {enable | disable}

Enable/disable generating the core dump files.

No default

enable-session-statistics {enable | disable}

Enable/disable session statistics for FortiView.

No default

enable-single-worker {enable | disable}

Enable/disable single worker mode.

No default

hsm {enable | disable}

Specifies whether the settings you use to integrate FortiWeb with an HSM (hardware security module) are displayed in the web UI.

No default

no-session-limit {enable | disable}

Enable to remove the limit on the maximum number of concurrent sessions on FortiWeb-VM.

If this option is disabled, the maximum number of concurrent sessions for all the policies on a VM is 20,000 (2 vCPUs), 50,000 (4 vCPUs), or 100,000 (8 vCPUs); for each policy, the number is 8,000 (2 vCPUs), 15,000 (4 vCPUs), or 50,000 (8 vCPUs).

No default

no-ssl-encrypt-then-mac {enable | disable}

Disable to include the encrypt-then-mac extension in the packets sent by the client.

disable

use-first-ack-mac {enable | disable}

When enabled, machine learning observes the source MAC of only two ACK packets for a URL during the three-way handshake.
If disabled, machine learning observes all ACK packets and keeps refreshing the MAC, which affects performance.

enable

dpdk {enable | disable}

Enable/disable DPDK for packet processing.

No default

high-compatibility-mode {enable | disable}

Enable to accelerate SSL transport.

disable

offline-session-timeout {seconds_int}

Enter the offline session timeout. The valid range is 30–1200 seconds.

No default

graceful-shutdown {enable | disable}

If disabled, the peer TCP connections are reset during system shutdown.

enable

server-pool-connection-limit-log {enable | disable}

Enable to send a warning-level event log when the connection count of a real server reaches its limit.

disable

tls13-early-data-mode {enable | disable}

Enable 0-RTT in TLS 1.3.

disable

record-content-routing-error-log {enable | disable}

Enable to log HTTP content routing match failures, showing whether the mismatch error was raised by the FortiWeb device or by the real server.

disable

server-invalid-no-reponse {enable | disable}

Enable this option so that FortiWeb closes the client connection when all the servers in the server pool are unresponsive.

disable

using-dns-proxy {enable | disable}

This option is enabled by default. If it is disabled, the system uses getaddrinfo to resolve the domain name.

enable

df-flag {enable | disable}

Enable to allow FortiWeb to send packets without the DF (Don't Fragment) flag so that they can pass through devices with a low MTU.

disable
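
An added example, not part of the Fortinet documentation: a small Python checker that parses a config server-policy setting block and reports values outside the ranges in the table above, toggles that differ from the documented defaults, and keys the table does not list. The function names and the sample configuration are constructed for illustration, and the input is assumed to follow the syntax shown on this page.

```python
import re

# Defaults transcribed from the table above; None means the page says "No default".
ENABLED = {"use-first-ack-mac", "graceful-shutdown", "using-dns-proxy"}
DISABLED = {"no-ssl-encrypt-then-mac", "high-compatibility-mode", "df-flag",
            "server-pool-connection-limit-log", "tls13-early-data-mode",
            "record-content-routing-error-log", "server-invalid-no-reponse"}
NO_DEFAULT = {"enable-core-file", "enable-session-statistics",
              "enable-single-worker", "hsm", "no-session-limit", "dpdk"}
DEFAULTS = {**dict.fromkeys(NO_DEFAULT), **dict.fromkeys(ENABLED, "enable"),
            **dict.fromkeys(DISABLED, "disable")}

def parse_block(text):
    """Collect 'set <key> <value>' lines between the config header and 'end'."""
    settings, inside = {}, False
    for line in map(str.strip, text.splitlines()):
        if line == "config server-policy setting":
            inside = True
        elif inside and line == "end":
            break
        elif inside and (m := re.fullmatch(r"set\s+(\S+)\s+(\S+)", line)):
            settings[m.group(1)] = m.group(2)
    return settings

def audit(settings):
    """Return (key, finding) pairs for invalid, non-default or unknown settings."""
    findings = []
    for key, value in settings.items():
        if key == "core-file-count":
            ok = value in {"3", "5"}  # page: the valid values are 3 and 5
        elif key == "offline-session-timeout":
            ok = value.isdecimal() and 30 <= int(value) <= 1200
        elif key in DEFAULTS:
            ok = value in {"enable", "disable"}
            if ok and DEFAULTS[key] not in (None, value):
                findings.append((key, "non-default"))
        else:
            ok = True
            findings.append((key, "unknown setting"))
        if not ok:
            findings.append((key, "invalid value"))
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """config server-policy setting
  set core-file-count 4
  set tls13-early-data-mode enable
  set no-ssl-encrypt-then-mac disable
end"""
```

A "non-default" finding is a prompt for review, not an error. For tls13-early-data-mode in particular, TLS 1.3 0-RTT early data can be replayed (RFC 8446), so enabling it deserves a deliberate decision.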
