server-policy setting
Use this command to configure the server policy settings.
Syntax
config server-policy setting
  set core-file-count <core-file-count_int>
  set enable-core-file {enable | disable}
  set enable-session-statistics {enable | disable}
  set enable-single-worker {enable | disable}
  set hsm {enable | disable}
  set no-session-limit {enable | disable}
  set no-ssl-encrypt-then-mac {enable | disable}
  set offline-session-timeout {seconds_int}
  set use-first-ack-mac {enable | disable}
  set dpdk {enable | disable}
  set high-compatibility-mode {enable | disable}
  set graceful-shutdown {enable | disable}
  set server-pool-connection-limit-log {enable | disable}
  set tls13-early-data-mode {enable | disable}
  set record-content-routing-error-log {enable | disable}
  set server-invalid-no-reponse {enable | disable}
  set using-dns-proxy {enable | disable}
  set df-flag {enable | disable}
end
| Variable | Description | Default |
|---|---|---|
| core-file-count <core-file-count_int> | The maximum number of core dump files. The valid values are 3 and 5. | No default |
| enable-core-file {enable \| disable} | Enable/disable generating the core dump files. | No default |
| enable-session-statistics {enable \| disable} | Enable/disable session statistics for FortiView. | No default |
| enable-single-worker {enable \| disable} | Enable/disable single worker mode. If enabled, only one worker thread handles the traffic. It is usually used for diagnostics only. | No default |
| hsm {enable \| disable} | Specifies whether the settings you use to integrate FortiWeb with an HSM (hardware security module) are displayed in the web UI. | No default |
| no-session-limit {enable \| disable} | Enable to remove the limit on the maximum number of concurrent sessions on FortiWeb-VM. If this option is disabled, the maximum number of concurrent sessions for all the policies on a VM is 20,000 (2vCPUs), 50,000 (4vCPUs), or 100,000 (8vCPUs); for each policy, the number is 8,000 (2vCPUs), 15,000 (4vCPUs), or 50,000 (8vCPUs). | No default |
| no-ssl-encrypt-then-mac {enable \| disable} | Disable to include the encrypt-then-mac extension in the packets sent by the client. | disable |
| use-first-ack-mac {enable \| disable} | Once enabled, machine learning only observes the source MAC of two ACK packets for a URL during the three-way handshake. If disabled, machine learning observes all ACK packets, which keeps refreshing the MAC and affects performance. | enable |
| dpdk {enable \| disable} | Enable/disable DPDK for packet processing. | No default |
| high-compatibility-mode {enable \| disable} | Enable to accelerate SSL transport. The setting works on certain hardware platforms that have an SSL acceleration card. When enabled, the card accelerates SSL encryption and decryption. | disable |
| offline-session-timeout {seconds_int} | This setting only works in Offline Protection mode. It is a session optimization option. FortiWeb's resources are consumed unnecessarily if connections stay open indefinitely. With this option, you can configure a session timeout value so that sessions do not stay open for too long. The valid range is 30–1200 seconds. | No default |
| graceful-shutdown {enable \| disable} | If disabled, the peer TCP connections are reset during system shutdown. | enable |
| server-pool-connection-limit-log {enable \| disable} | Enable to send a warning-level event log when the number of connections to a real server reaches its limit. | disable |
| tls13-early-data-mode {enable \| disable} | Enable 0-RTT (early data) in TLS 1.3. | disable |
| record-content-routing-error-log {enable \| disable} | If enabled, the reason for a content routing failure is recorded in the event log. | disable |
| server-invalid-no-reponse {enable \| disable} | Enable so that FortiWeb closes the client connection when all the servers in the server pool are unresponsive. | disable |
| using-dns-proxy {enable \| disable} | This option is enabled by default. If it is disabled, the system uses getaddrinfo to resolve the domain name. | enable |
| df-flag {enable \| disable} | Enable to allow FortiWeb to send packets without the DF flag so that they can pass through devices with a low MTU. | disable |
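
A check a defender can run over an exported configuration: it parses the `config server-policy setting` block and reports options that differ from the defaults documented above, values outside the documented ranges, and single worker mode left enabled. This is an added example, not Fortinet code; the function names and the sample configuration are constructed for illustration, and it assumes the export uses the `set <option> <value>` form shown under Syntax.

```python
import re

# Documented defaults, copied from the reference table on this page.
DEFAULTS = {
    "no-ssl-encrypt-then-mac": "disable", "use-first-ack-mac": "enable",
    "high-compatibility-mode": "disable", "graceful-shutdown": "enable",
    "server-pool-connection-limit-log": "disable", "tls13-early-data-mode": "disable",
    "record-content-routing-error-log": "disable", "server-invalid-no-reponse": "disable",
    "using-dns-proxy": "enable", "df-flag": "disable",
}

def parse_block(config_text):
    """Return {option: value} from the 'config server-policy setting' block."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config server-policy setting":
            inside = True
        elif inside and line == "end":
            break
        elif inside and (m := re.fullmatch(r"set\s+(\S+)\s+(\S+)", line)):
            settings[m.group(1)] = m.group(2)
    return settings

def audit(settings):
    """Flag non-default values, out-of-range numbers and diagnostic-only mode."""
    findings = [f"{k}: {settings[k]} (documented default: {d})"
                for k, d in DEFAULTS.items() if k in settings and settings[k] != d]
    if settings.get("enable-single-worker") == "enable":
        findings.append("enable-single-worker: enable (documented as diagnostic use only)")
    if settings.get("core-file-count", "3") not in ("3", "5"):
        findings.append("core-file-count: outside documented values 3 and 5")
    timeout = settings.get("offline-session-timeout")
    if timeout is not None and not (timeout.isdigit() and 30 <= int(timeout) <= 1200):
        findings.append("offline-session-timeout: outside documented range 30-1200")
    return findings

# Constructed sample, not taken from a real appliance.
SAMPLE = """\
config server-policy setting
  set tls13-early-data-mode enable
  set enable-single-worker enable
  set graceful-shutdown enable
  set offline-session-timeout 5000
  set core-file-count 5
end
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_block(SAMPLE))))
```

A finding is a prompt to confirm the change was intentional, not proof of a misconfiguration; options the table lists with no default are not compared.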