config web-proxy explicit-proxy
Configure explicit Web proxy settings.
config web-proxy explicit-proxy
Description: Configure explicit Web proxy settings.
edit <name>
set status [enable|disable]
set interface {string}
set secure-web-proxy [disable|enable|...]
set http [enable|disable]
set ftp-over-http [enable|disable]
set socks [enable|disable]
set http-incoming-port {user}
set http-connection-mode [static|multiplex|...]
set https-incoming-port {user}
set ftp-incoming-port {user}
set socks-incoming-port {user}
set secure-web-proxy-cert <name1>, <name2>, ...
set ssl-dh-bits [768|1024|...]
set incoming-ip {ipv4-address-any}
set ipv6-status [enable|disable]
set incoming-ip6 {ipv6-address}
set pref-dns-result [ipv4|ipv6]
set unknown-http-version [reject|best-effort]
set realm {string}
set sec-default-action [accept|deny]
set pac-file-server-status [enable|disable]
set pac-file-url {user}
set pac-file-server-port {user}
set pac-file-through-https [enable|disable]
set pac-file-name {string}
set pac-file-data {user}
set ssl-algorithm [high|medium|...]
set return-to-sender [enable|disable]
set learn-dst-from-sni [enable|disable]
set dstport-from-incoming [enable|disable]
set header-proxy-agent [enable|disable]
set dns-mode [recursive|non-recursive|...]
next
end
config web-proxy explicit-proxy
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
name |
object name |
string |
Maximum length: 35 |
|
||||||||||
|
status |
Enable/disable the explicit Web proxy for HTTP and HTTPS session. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
interface |
interface name |
string |
Maximum length: 15 |
|
||||||||||
|
secure-web-proxy |
Enable/disable/require the secure web proxy for HTTP and HTTPS session. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
http |
Enable/disable the HTTP & HTTPS proxy. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
ftp-over-http |
Enable to proxy FTP-over-HTTP sessions sent from a web browser. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
socks |
Enable/disable the SOCKS proxy. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
http-incoming-port |
Accept incoming HTTP requests on one or more ports. |
user |
Not Specified |
|
||||||||||
|
http-connection-mode |
HTTP connection mode. |
option |
- |
static |
||||||||||
|
|
|
|||||||||||||
|
https-incoming-port |
Accept incoming HTTPS requests on one or more ports. |
user |
Not Specified |
|
||||||||||
|
ftp-incoming-port |
Accept incoming FTP-over-HTTP requests on one or more ports. |
user |
Not Specified |
|
||||||||||
|
socks-incoming-port |
Accept incoming SOCKS proxy requests on one or more ports. |
user |
Not Specified |
|
||||||||||
|
secure-web-proxy-cert |
Name of certificates for secure web proxy. Certificate list. |
string |
Maximum length: 79 |
|
||||||||||
|
ssl-dh-bits |
Bit-size of Diffie-Hellman. |
option |
- |
2048 |
||||||||||
|
|
|
|||||||||||||
|
incoming-ip |
Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. |
ipv4-address-any |
Not Specified |
0.0.0.0 |
||||||||||
|
ipv6-status |
Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
incoming-ip6 |
Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. |
ipv6-address |
Not Specified |
:: |
||||||||||
|
pref-dns-result |
Prefer resolving addresses using the configured IPv4 or IPv6 DNS server. |
option |
- |
ipv4 |
||||||||||
|
|
|
|||||||||||||
|
unknown-http-version |
How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. |
option |
- |
reject |
||||||||||
|
|
|
|||||||||||||
|
realm |
Authentication realm used to identify the explicit web proxy (maximum of 63 characters). |
string |
Maximum length: 63 |
default |
||||||||||
|
sec-default-action |
Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. |
option |
- |
deny |
||||||||||
|
|
|
|||||||||||||
|
pac-file-server-status |
Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
pac-file-url |
PAC file access URL. |
user |
Not Specified |
|
||||||||||
|
pac-file-server-port |
Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy. |
user |
Not Specified |
|
||||||||||
|
pac-file-through-https |
Enable/disable to get Proxy Auto-Configuration (PAC) through HTTPS. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
pac-file-name |
Pac file name. |
string |
Maximum length: 63 |
proxy.pac |
||||||||||
|
pac-file-data |
PAC file contents enclosed in quotes (maximum of 256K bytes). |
user |
Not Specified |
|
||||||||||
|
ssl-algorithm |
Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low. |
option |
- |
low |
||||||||||
|
|
|
|||||||||||||
|
return-to-sender |
Enable/disable return-to-sender. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
learn-dst-from-sni |
Enable/disable learning destination from SNI in client hello. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
dstport-from-incoming |
Enable/disable reusing incoming port to connect to server. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
header-proxy-agent |
Enable/disable HTTP CONNECT response header Proxy-Agent. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
dns-mode |
DNS lookup mode. |
option |
- |
recursive |
||||||||||
|
|
|
|||||||||||||