slb template

SLB configuration is simplified by the use of templates. Templates simplify configuration by enabling you to configure common settings once and use them in multiple service configurations. The ACOS device provides templates to control server and port configuration parameters, connectivity parameters, and application parameters.

Server and Port Configuration Templates

The ACOS device provides the following types of server and port configuration templates:

  • Server – Controls parameters for real servers
  • Port – Controls parameters for service ports on real servers
  • Virtual server – Controls parameters for virtual servers
  • Virtual port – Controls parameters for service ports on virtual servers

Connectivity Templates

The ACOS device provides the following types of connectivity templates:

  • TCP-Proxy – Controls TCP/IP stack parameters
  • TCP – Controls TCP connection settings such as the idle timeout for unused sessions, and specifies whether the ACOS device sends TCP Resets to clients or servers after a session times out
  • UDP – Controls UDP connection settings such as the idle timeout for unused sessions, and specifies how quickly sessions are terminated after a server response is received

Application Templates

The following types of application templates are provided:

  • DBLB – MS-SQL and MySQL database load balancing.
  • Diameter – Provides proxy service and load balancing for Diameter AAA
  • DNS – Provides DNS security and optimization.
  • HTTP – Provides a robust set of options for HTTP header manipulation and for load balancing based on HTTP header content or the URL requested by the client, and other options
  • FTP – Provides load balancing for FTP traffic.
  • Policy – Uses Policy-based SLB (PBSLB) to permit or deny clients, or direct them to service groups, based on client black/white lists
  • External-service – Adds capabilities needed for intelligently steering traffic based on application (example: Internet Content Adaptation Protocol [ICAP]).
  • Cache – Caches web content on the ACOS device to enhance website performance for clients
  • Client SSL – Offloads SSL validation tasks from real servers
  • Server SSL – Validates real servers on behalf of clients
  • Cipher – Contains a set of SSL ciphers that can be applied to a client-SSL or server-SSL template.
  • Connection reuse – Reduces overhead from TCP connection setup by establishing and reusing TCP connections with real servers for multiple client requests
  • Cookie persistence – Inserts a cookie into server replies to clients, to direct clients to the same service group, real server, or real service port for subsequent requests for the service
  • Source-IP persistence – Directs a given client, identified by its IP address, to the same service port, server, or service group
  • Destination-IP persistence – Configures persistence to real servers based on destination IP address
  • FIX – Configures Financial Information eXchange load balancing.
  • Logging – Configures logging to external servers over TCP.
  • SSL session-ID persistence – Directs all client requests for a given virtual port, and that have a given SSL session ID, to the same real server and real port
  • SIP – Customizes settings for load balancing of Session Initiation Protocol (SIP) traffic
  • SMPP – Configures load balancing for Short Message Peer to Peer (SMPP).
  • SMTP – Configures STARTTLS support for Simple Mail Transfer Protocol (SMTP) clients
  • Streaming-media – Directs client requests based on the requested content

Where applicable, the ACOS device automatically applies a default template with commonly used settings. For example, when you configure SLB for FTP, the ACOS device automatically applies the default TCP template. If required by your application, you can configure a different template and apply that one instead.

template Specification

Type Intermediate Resource
Element Name template
Element URI /axapi/v3/slb/template
Element Attributes template_attributes
Schema template schema

Operations Allowed:

Operation Method URI Payload

Get Object

GET

/axapi/v3/slb/template

template_attributes

template Attributes

cache-list

Description: cache-list is a JSON List . Please see below for cache-list

Type: List

Reference Object: /axapi/v3/slb/template/cache/{name}

cipher-list

Description: cipher-list is a JSON List . Please see below for cipher-list

Type: List

Reference Object: /axapi/v3/slb/template/cipher/{name}

client-ssl-list

Description: client-ssl-list is a JSON List . Please see below for client-ssl-list

Type: List

Reference Object: /axapi/v3/slb/template/client-ssl/{name}

connection-reuse-list

Description: connection-reuse-list is a JSON List . Please see below for connection-reuse-list

Type: List

Reference Object: /axapi/v3/slb/template/connection-reuse/{name}

dblb-list

Description: dblb-list is a JSON List . Please see below for dblb-list

Type: List

Reference Object: /axapi/v3/slb/template/dblb/{name}

diameter-list

Description: diameter-list is a JSON List . Please see below for diameter-list

Type: List

Reference Object: /axapi/v3/slb/template/diameter/{name}

dns-list

Description: dns-list is a JSON List . Please see below for dns-list

Type: List

Reference Object: /axapi/v3/slb/template/dns/{name}

dynamic-service-list

Description: dynamic-service-list is a JSON List . Please see below for dynamic-service-list

Type: List

Reference Object: /axapi/v3/slb/template/dynamic-service/{name}

external-service-list

Description: external-service-list is a JSON List . Please see below for external-service-list

Type: List

Reference Object: /axapi/v3/slb/template/external-service/{name}

fix-list

Description: fix-list is a JSON List . Please see below for fix-list

Type: List

Reference Object: /axapi/v3/slb/template/fix/{name}

ftp-list

Description: ftp-list is a JSON List . Please see below for ftp-list

Type: List

Reference Object: /axapi/v3/slb/template/ftp/{name}

http-list

Description: http-list is a JSON List . Please see below for http-list

Type: List

Reference Object: /axapi/v3/slb/template/http/{name}

http-policy-list

Description: http-policy-list is a JSON List . Please see below for http-policy-list

Type: List

Reference Object: /axapi/v3/slb/template/http-policy/{name}

imap-pop3-list

Description: imap-pop3-list is a JSON List . Please see below for imap-pop3-list

Type: List

Reference Object: /axapi/v3/slb/template/imap-pop3/{name}

logging-list

Description: logging-list is a JSON List . Please see below for logging-list

Type: List

Reference Object: /axapi/v3/slb/template/logging/{name}

monitor-list

Description: monitor-list is a JSON List . Please see below for monitor-list

Type: List

Reference Object: /axapi/v3/slb/template/monitor/{id}

persist

Description: persist is a JSON Block . Please see below for persist

Type: Object

Reference Object: /axapi/v3/slb/template/persist

policy-list

Description: policy-list is a JSON List . Please see below for policy-list

Type: List

Reference Object: /axapi/v3/slb/template/policy/{name}

port-list

Description: port-list is a JSON List . Please see below for port-list

Type: List

Reference Object: /axapi/v3/slb/template/port/{name}

reqmod-icap-list

Description: reqmod-icap-list is a JSON List . Please see below for reqmod-icap-list

Type: List

Reference Object: /axapi/v3/slb/template/reqmod-icap/{name}

respmod-icap-list

Description: respmod-icap-list is a JSON List . Please see below for respmod-icap-list

Type: List

Reference Object: /axapi/v3/slb/template/respmod-icap/{name}

server-list

Description: server-list is a JSON List . Please see below for server-list

Type: List

Reference Object: /axapi/v3/slb/template/server/{name}

server-ssl-list

Description: server-ssl-list is a JSON List . Please see below for server-ssl-list

Type: List

Reference Object: /axapi/v3/slb/template/server-ssl/{name}

sip-list

Description: sip-list is a JSON List . Please see below for sip-list

Type: List

Reference Object: /axapi/v3/slb/template/sip/{name}

smpp-list

Description: smpp-list is a JSON List . Please see below for smpp-list

Type: List

Reference Object: /axapi/v3/slb/template/smpp/{name}

smtp-list

Description: smtp-list is a JSON List . Please see below for smtp-list

Type: List

Reference Object: /axapi/v3/slb/template/smtp/{name}

ssli-list

Description: ssli-list is a JSON List . Please see below for ssli-list

Type: List

Reference Object: /axapi/v3/slb/template/ssli/{name}

tcp-list

Description: tcp-list is a JSON List . Please see below for tcp-list

Type: List

Reference Object: /axapi/v3/slb/template/tcp/{name}

tcp-proxy-list

Description: tcp-proxy-list is a JSON List . Please see below for tcp-proxy-list

Type: List

Reference Object: /axapi/v3/slb/template/tcp-proxy/{name}

udp-list

Description: udp-list is a JSON List . Please see below for udp-list

Type: List

Reference Object: /axapi/v3/slb/template/udp/{name}

virtual-port-list

Description: virtual-port-list is a JSON List . Please see below for virtual-port-list

Type: List

Reference Object: /axapi/v3/slb/template/virtual-port/{name}

virtual-server-list

Description: virtual-server-list is a JSON List . Please see below for virtual-server-list

Type: List

Reference Object: /axapi/v3/slb/template/virtual-server/{name}

logging-list

Specification
Type list
Block object keys

auto

Description: ‘auto’: Configure auto NAT for logging, default is auto enabled;

Type: string

Supported Values: auto

Default: auto

Mutual Exclusion: auto and pool are mutually exclusive

format

Description: Specfiy a format string for web logging (format string(less than 250 characters) for web logging)

Type: string

Format: string-rlx

keep-end

Description: Number of unmasked characters at the end (default: 0)

Type: number

Range: 0-65535

Default: 0

keep-start

Description: Number of unmasked characters at the beginning (default: 0)

Type: number

Range: 0-65535

Default: 0

local-logging

Description: 1 to enable local logging (1 to enable local logging, default 0)

Type: number

Range: 0-1

Default: 0

mask

Description: Character to mask the matched pattern (default: X)

Type: string

Default: X

name

Description: Logging Template Name

Type: string

Format: string-rlx

pcre-mask

Description: Mask matched PCRE pattern in the log

Type: string

Format: string-rlx

pool

Description: Specify NAT pool or pool group

Type: string

Mutual Exclusion: pool and auto are mutually exclusive

Reference Object: /axapi/v3/ip/nat/pool

service-group

Description: Bind a Service Group to the logging template (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

tcp-proxy

Description: TCP proxy template (TCP Proxy Config name)

Type: string

Default: default

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

cache-list

Specification
Type list
Block object keys

accept-reload-req

Description: Accept reload requests via cache-control directives in HTTP headers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

age

Description: Specify duration in seconds cached content valid, default is 3600 seconds (seconds that the cached content is valid (default 3600 seconds))

Type: number

Range: 1-999999

Default: 3600

default-policy-nocache

Description: Specify default policy to be to not cache

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

disable-insert-age

Description: Disable insertion of age header in response served from RAM cache

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

disable-insert-via

Description: Disable insertion of via header in response served from RAM cache

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

local-uri-policy

Description: local-uri-policy is a JSON List . Please see below for l211_local-uri-policy

Type: List

logging

Description: Specify logging template (Logging Config name)

Type: string

Reference Object: /axapi/v3/slb/template/logging

max-cache-size

Description: Specify maximum cache size in megabytes, default is 80MB (RAM cache size in megabytes (default 80MB))

Type: number

Range: 1-4096

Default: 80

max-content-size

Description: Maximum size (bytes) of response that can be cached - default 81920 (80KB)

Type: number

Range: 0-268435455

Default: 81920

min-content-size

Description: Minimum size (bytes) of response that can be cached - default 512

Type: number

Range: 0-268435455

Default: 512

name

Description: Specify cache template name

Type: string

Format: string-rlx

remove-cookies

Description: Remove cookies in response and cache

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

replacement-policy

Description: ‘LFU’: LFU;

Type: string

Supported Values: LFU

Default: LFU

sampling-enable

Description: sampling-enable is a JSON List . Please see below for l211_sampling-enable

Type: List

uri-policy

Description: uri-policy is a JSON List . Please see below for l211_uri-policy

Type: List

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

verify-host

Description: Verify request using host before sending response from RAM cache

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cache-list.local-uri-policy

Specification
Type list
Block object keys

local-uri

Description: Specify Local URI for caching (Specify URI pattern that the policy should be applied to, maximum 63 charaters)

Type: string

Format: string-rlx

cache-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘hits’: hits; ‘miss’: miss; ‘bytes_served’: bytes_served; ‘total_req’: total_req; ‘caching_req’: caching_req; ‘nc_req_header’: nc_req_header; ‘nc_res_header’: nc_res_header; ‘rv_success’: rv_success; ‘rv_failure’: rv_failure; ‘ims_request’: ims_request; ‘nm_response’: nm_response; ‘rsp_type_CL’: rsp_type_CL; ‘rsp_type_CE’: rsp_type_CE; ‘rsp_type_304’: rsp_type_304; ‘rsp_type_other’: rsp_type_other; ‘rsp_no_compress’: rsp_no_compress; ‘rsp_gzip’: rsp_gzip; ‘rsp_deflate’: rsp_deflate; ‘rsp_other’: rsp_other; ‘nocache_match’: nocache_match; ‘match’: match; ‘invalidate_match’: invalidate_match; ‘content_toobig’: content_toobig; ‘content_toosmall’: content_toosmall; ‘entry_create_failures’: entry_create_failures; ‘mem_size’: mem_size; ‘entry_num’: entry_num; ‘replaced_entry’: replaced_entry; ‘aging_entry’: aging_entry; ‘cleaned_entry’: cleaned_entry;

Type: string

Supported Values: all, hits, miss, bytes_served, total_req, caching_req, nc_req_header, nc_res_header, rv_success, rv_failure, ims_request, nm_response, rsp_type_CL, rsp_type_CE, rsp_type_304, rsp_type_other, rsp_no_compress, rsp_gzip, rsp_deflate, rsp_other, nocache_match, match, invalidate_match, content_toobig, content_toosmall, entry_create_failures, mem_size, entry_num, replaced_entry, aging_entry, cleaned_entry

cache-list.uri-policy

Specification
Type list
Block object keys

cache-action

Description: ‘cache’: Specify if certain URIs should be cached; ‘nocache’: Specify if certain URIs should not be cached;

Type: string

Supported Values: cache, nocache

cache-value

Description: Specify seconds that content should be cached, default is age specified in cache template

Type: number

Range: 1-999999

invalidate

Description: Specify if URI should invalidate chache entries matching pattern (pattern that would match entries to be invalidated (64 chars max))

Type: string

uri

Description: Specify URI for cache policy (Specify URI pattern that the policy should be applied to, maximum 63 charaters)

Type: string

Format: string-rlx

port-list

Specification
Type list
Block object keys

add

Description: Slow start connection limit add by a number every interval (Add by this number every interval)

Type: number

Range: 1-4095

Mutual Exclusion: add and times are mutually exclusive

conn-limit

Description: Connection limit

Type: number

Range: 1-8000000

Default: 8000000

conn-limit-no-logging

Description: Do not log connection over limit event

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-rate-limit

Description: Connection rate limit

Type: number

Range: 1-1048575

conn-rate-limit-no-logging

Description: Do not log connection over limit event

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

decrement

Description: Decrease after every round of DNS query (default is 0)

Type: number

Range: 0-7

Default: 0

dest-nat

Description: Destination NAT

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

down-grace-period

Description: Port down grace period

Type: number

Range: 1-86400

down-timer

Description: The timer to bring the marked down server/port to up (default is 0, never bring up) (The timer to bring up server (in second, default is 0))

Type: number

Range: 0-255

Default: 0

dscp

Description: Differentiated Services Code Point (DSCP to Real Server IP Mapping Value)

Type: number

Range: 1-63

dynamic-member-priority

Description: Set dynamic member’s priority (Initial priority (default is 16))

Type: number

Range: 1-16

Default: 16

every

Description: Slow start connection limit increment interval (default 10)

Type: number

Range: 1-60

Default: 10

extended-stats

Description: Enable extended statistics on real server port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

health-check

Description: Health Check Monitor (Health monitor name)

Type: string

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

Reference Object: /axapi/v3/health/monitor

health-check-disable

Description: Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

inband-health-check

Description: Use inband traffic to detect port’s health status

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

initial-slow-start

Description: Initial slow start connection limit (default 128)

Type: number

Range: 1-4095

Default: 128

name

Description: Port template name

Type: string

Format: string-rlx

Default: default

no-ssl

Description: No SSL

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

rate-interval

Description: ‘100ms’: Use 100 ms as sampling interval; ‘second’: Use 1 second as sampling interval;

Type: string

Supported Values: 100ms, second

Default: second

reassign

Description: Maximum reassign times before declear the server/port down (default is 25) (The maximum reassign number)

Type: number

Range: 0-255

Default: 25

request-rate-interval

Description: ‘100ms’: Use 100 ms as sampling interval; ‘second’: Use 1 second as sampling interval;

Type: string

Supported Values: 100ms, second

Default: second

request-rate-limit

Description: Request rate limit

Type: number

Range: 1-1048575

request-rate-no-logging

Description: Do not log connection over limit event

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

resel-on-reset

Description: When receiving reset from server, do the server/port reselection (default is 0, don’t do reselection)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reset

Description: Send client reset when connection rate over limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

resume

Description: Resume accepting new connection after connection number drops below threshold (Connection resume threshold)

Type: number

Range: 1-1048575

retry

Description: Maximum retry times before reassign this connection to another server/port (default is 2) (The maximum retry number)

Type: number

Range: 0-7

Default: 2

slow-start

Description: Slowly ramp up the connection number after port is up

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

source-nat

Description: Source NAT (IP NAT Pool or pool group name)

Type: string

stats-data-action

Description: ‘stats-data-enable’: Enable statistical data collection for real server port; ‘stats-data-disable’: Disable statistical data collection for real server port;

Type: string

Supported Values: stats-data-enable, stats-data-disable

Default: stats-data-enable

till

Description: Slow start ends when slow start connection limit reaches a number (default 4096) (Slow start ends when connection limit reaches this number)

Type: number

Range: 1-65535

Default: 4096

times

Description: Slow start connection limit multiply by a number every interval (default 2) (Multiply by this number every interval)

Type: number

Range: 2-10

Default: 2

Mutual Exclusion: times and add are mutually exclusive

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

weight

Description: Weight (port weight)

Type: number

Range: 1-100

Default: 1

connection-reuse-list

Specification
Type list
Block object keys

keep-alive-conn

Description: Keep a number of server connections open

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

limit-per-server

Description: Max Server Connections allowed (Connections per Server Port (default 1000))

Type: number

Range: 0-65535

Default: 1000

name

Description: Connection Reuse Template Name

Type: string

Format: string-rlx

num-conn-per-port

Description: Connections per Server Port (default 100)

Type: number

Range: 1-1024

Default: 100

preopen

Description: Preopen server connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

timeout

Description: Timeout in seconds. Multiple of 60 (def 2400)

Type: number

Range: 60-3600

Default: 2400

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

reqmod-icap-list

Specification
Type list
Block object keys

action

Description: ‘continue’: Continue; ‘drop’: Drop; ‘reset’: Reset;

Type: string

Supported Values: continue, drop, reset

Default: continue

allowed-http-methods

Description: List of allowed HTTP methods. Default is “Allow All”. (List of HTTP methods allowed (default “Allow All”))

Type: string

Format: string-rlx

bypass-ip-cfg

Description: bypass-ip-cfg is a JSON List . Please see below for l211_bypass-ip-cfg

Type: List

fail-close

Description: When template sg is down mark vport down

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

include-protocol-in-uri

Description: Include protocol and port in HTTP URI

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

logging

Description: logging template (Logging template name)

Type: string

Reference Object: /axapi/v3/slb/template/logging

min-payload-size

Description: min-payload-size value 1 - 65536, default is 4096

Type: number

Range: 1-65536

Default: 4096

name

Description: Reqmod ICAP Template Name

Type: string

Format: string-rlx

preview

Description: Preview value 1 - 32768, default is 32768

Type: number

Range: 1-32768

Default: 32768

server-ssl

Description: Server SSL template (Server SSL template name)

Type: string

Reference Object: /axapi/v3/slb/template/server-ssl

service-group

Description: Bind a Service Group to the template (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

service-url

Description: URL to send to ICAP server (Service URL Name)

Type: string

Format: string-rlx

source-ip

Description: Source IP persistence template (Source IP persistence template name)

Type: string

Reference Object: /axapi/v3/slb/template/persist/source-ip

tcp-proxy

Description: TCP proxy template (TCP proxy template name)

Type: string

Reference Object: /axapi/v3/slb/template/tcp-proxy

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

reqmod-icap-list.bypass-ip-cfg

Specification
Type list
Block object keys

bypass-ip

Description: ip address to bypass reqmod-icap service

Type: string

Format: ipv4-address

mask

Description: IP prefix mask

Type: string

Format: ipv4-netmask

smpp-list

Specification
Type list
Block object keys

client-enquire-link

Description: Respond client ENQUIRE_LINK packet directly instead of forwarding to server

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: SMPP Template Name

Type: string

Format: string-rlx

password

Description: Configure the password used to bind

Type: string

Format: string-rlx

server-enquire-link

Description: Send server ENQUIRE_LINK packet for every persist connection when enable conn-reuse

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-enquire-link-val

Description: Set interval of keep-alive packet for each persistent connection (second, default is 30)

Type: number

Range: 5-300

Default: 30

server-selection-per-request

Description: Force server selection on every SMPP request when enable conn-reuse

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user

Description: Configure the user to bind (The name used to bind)

Type: string

Format: string-rlx

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

smtp-list

Specification
Type list
Block object keys

client-domain-switching

Description: client-domain-switching is a JSON List . Please see below for l211_client-domain-switching

Type: List

client-starttls-type

Description: ‘optional’: STARTTLS is optional requirement; ‘enforced’: Must issue STARTTLS command before mail transaction;

Type: string

Supported Values: optional, enforced

command-disable

Description: command-disable is a JSON List . Please see below for l211_command-disable

Type: List

name

Description: SMTP Template Name

Type: string

Format: string-rlx

server-domain

Description: Config the domain of the email servers (Server’s domain, default is “mail-server-domain”)

Type: string

Format: string-rlx

Default: mail-server-domain

server-starttls-type

Description: ‘optional’: STARTTLS is optional requirement; ‘enforced’: Must issue STARTTLS command before mail transaction;

Type: string

Supported Values: optional, enforced

service-ready-msg

Description: Set SMTP service ready message (SMTP service ready message, default is “ESMTP mail service ready”)

Type: string

Format: string-rlx

Default: ESMTP mail service ready

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

smtp-list.client-domain-switching

Specification
Type list
Block object keys

match-string

Description: Domain name string

Type: string

Format: string-rlx

service-group

Description: Select service group (Service group name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

switching-type

Description: ‘contains’: Specify domain name string if domain contains another string; ‘ends-with’: Specify domain name string if domain ends with another string; ‘starts-with’: Specify domain string if domain starts with another string;

Type: string

Supported Values: contains, ends-with, starts-with

smtp-list.command-disable

Specification
Type list
Block object keys

disable-type

Description: ‘expn’: Disable SMTP EXPN commands; ‘turn’: Disable SMTP TURN commands; ‘vrfy’: Disable SMTP VRFY commands;

Type: string

Supported Values: expn, turn, vrfy

external-service-list

Specification
Type list
Block object keys

action

Description: ‘continue’: Continue; ‘drop’: Drop; ‘reset’: Reset;

Type: string

Supported Values: continue, drop, reset

Default: continue

bypass-ip-cfg

Description: bypass-ip-cfg is a JSON List . Please see below for l211_bypass-ip-cfg

Type: List

failure-action

Description: ‘continue’: Continue; ‘drop’: Drop; ‘reset’: Reset;

Type: string

Supported Values: continue, drop, reset

Default: continue

name

Description: External Service Template Name

Type: string

Format: string-rlx

service-group

Description: Bind a Service Group to the template (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

source-ip

Description: Source IP persistence template (Source IP persistence template name)

Type: string

Reference Object: /axapi/v3/slb/template/persist/source-ip

tcp-proxy

Description: TCP proxy template (TCP proxy template name)

Type: string

Reference Object: /axapi/v3/slb/template/tcp-proxy

timeout

Description: Timeout value 1 - 200 in units of 200ms, default is 5 (default is 1000ms) (1 - 200 in units of 200ms, default is 5 (1000ms))

Type: number

Range: 1-200

Default: 5

type

Description: ‘skyfire-icap’: Skyfire ICAP service; ‘url-filter’: URL filtering service;

Type: string

Supported Values: skyfire-icap, url-filter

Default: url-filter

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

external-service-list.bypass-ip-cfg

Specification
Type list
Block object keys

bypass-ip

Description: ip address to bypass external service

Type: string

Format: ipv4-address

mask

Description: IP prefix mask

Type: string

Format: ipv4-netmask

tcp-list

Specification
Type list
Block object keys

alive-if-active

Description: keep connection alive if active traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

force-delete-timeout

Description: The maximum time that a session can stay in the system before being delete (number (second))

Type: number

Range: 1-31

Mutual Exclusion: force-delete-timeout and force-delete-timeout-100ms are mutually exclusive

force-delete-timeout-100ms

Description: The maximum time that a session can stay in the system before being delete (number in 100ms)

Type: number

Range: 1-31

Mutual Exclusion: force-delete-timeout-100ms and force-delete-timeout are mutually exclusive

half-close-idle-timeout

Description: TCP Half Close Idle Timeout (sec), default off (half close idle timeout in second, default off)

Type: number

Range: 60-120

half-open-idle-timeout

Description: TCP Half Open Idle Timeout (sec), default off (half open idle timeout in second, default off)

Type: number

Range: 1-60

idle-timeout

Description: Idle Timeout value (default 120 seconds) (idle timeout in second, default 120)

Type: number

Range: 1-2097151

Default: 120

initial-window-size

Description: Set the initial window size (number)

Type: number

Range: 1-65535

insert-client-ip

Description: Insert client ip into TCP option

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

lan-fast-ack

Description: Enable fast TCP ack on LAN

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: Fast TCP Template Name

Type: string

Format: string-rlx

Default: default

qos

Description: QOS level (number)

Type: number

Range: 1-63

reset-fwd

Description: send reset to server if error happens

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reset-rev

Description: send reset to client if error happens

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

diameter-list

Specification
Type list
Block object keys

avp-code

Description: avp code

Type: number

Range: 1-2147483647

avp-list

Description: avp-list is a JSON List . Please see below for l211_avp-list

Type: List

avp-string

Description: pattern to be matched in the avp string name, max length 127 bytes

Type: string

customize-cea

Description: customizing cea response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dwr-time

Description: dwr health-check timer interval (in 100 milli second unit, default is 100, 0 means unset this option)

Type: number

Range: 0-2147483647

Default: 100

idle-timeout

Description: user sesison idle timeout (in minutes, default is 5)

Type: number

Range: 1-65535

Default: 5

message-code-list

Description: message-code-list is a JSON List . Please see below for l211_message-code-list

Type: List

multiple-origin-host

Description: allowing multiple origin-host to a single server

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: diameter template Name

Type: string

Format: string-rlx

origin-host

Description: origin-host name avp

Type: string

origin-realm

Description: origin-realm name avp

Type: string

product-name

Description: product name avp

Type: string

service-group-name

Description: service group name, this is the service group that the message needs to be copied to

Type: string

Reference Object: /axapi/v3/slb/service-group

session-age

Description: user session age allowed (default 10), this is not idle-time (in minutes)

Type: number

Range: 1-65535

Default: 10

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

vendor-id

Description: vendor-id avp (Vendon Id)

Type: number

Range: 0-2147483647

Default: 0

diameter-list.avp-list

Specification
Type list
Block object keys

avp

Description: customize avps for cer to the server (avp number)

Type: number

Range: 0-2147483647

int32

Description: 32 bits integer

Type: number

Range: 0-2147483647

Mutual Exclusion: int32 int64 and string are mutually exclusive

int64

Description: 64 bits integer

Type: number

Range: 0-2147483647

Mutual Exclusion: int64 int32 and string are mutually exclusive

mandatory

Description: mandatory avp

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

string

Description: String (string name, max length 127 bytes)

Type: string

Mutual Exclusion: string int32 and int64 are mutually exclusive

diameter-list.message-code-list

Specification
Type list
Block object keys

message-code

Description:

Type: number

Range: 1-2147483647

udp-list

Specification
Type list
Block object keys

age

Description:

Type: number

Range: 1-31

idle-timeout

Description: Idle Timeout value (default 120 seconds) (idle timeout in second, default 120)

Type: number

Range: 1-2097151

Default: 120

immediate

Description: Immediate Removal after Transaction

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: immediate and short are mutually exclusive

name

Description: Fast UDP Template Name

Type: string

Format: string-rlx

Default: default

qos

Description: QOS level (number)

Type: number

Range: 1-63

re-select-if-server-down

Description: re-select another server if service port is down

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

short

Description: Short lived session

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: short and immediate are mutually exclusive

stateless-conn-timeout

Description: Stateless Current Connection Timeout value (5 - 120 seconds) (idle timeout in second, default 120)

Type: number

Range: 5-120

Default: 120

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

http-policy-list

Specification
Type list
Block object keys

cookie-name

Description: name of cookie to match (Cookie Name)

Type: string

Format: string-rlx

geo-location-match

Description: geo-location-match is a JSON List . Please see below for l211_geo-location-match

Type: List

http-policy-match

Description: http-policy-match is a JSON List . Please see below for l211_http-policy-match

Type: List

name

Description: http-policy template name

Type: string

Format: string-rlx

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

http-policy-list.http-policy-match

Specification
Type list
Block object keys

match-string

Description: URL String

Type: string

Format: string-rlx

match-type

Description: ‘contains’: Select service group if URL string contains another string; ‘ends-with’: Select service group if URL string ends with another string; ‘equals’: Select service group if URL string equals another string; ‘starts-with’: Select service group if URL string starts with another string;

Type: string

Supported Values: contains, ends-with, equals, starts-with

service-group

Description: Service Group to be used (Service Group Name)

Type: string

Reference Object: /axapi/v3/slb/service-group

template

Description: ‘waf’: waf; (WAF template to be used)

Type: string

Supported Values: waf

template-name

Description: WAF template to be used (Template Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/waf/template

type

Description: ‘cookie’: cookie value match; ‘host’: hostname match; ‘url’: URL match;

Type: string

Supported Values: cookie, host, url

http-policy-list.geo-location-match

Specification
Type list
Block object keys

geo-location

Description: Geolocation name

Type: string

geo-location-service-group

Description: Service Group to be used (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

geo-location-template

Description: ‘waf’: waf; (WAF template to be used)

Type: string

Supported Values: waf

geo-location-template-name

Description: WAF template to be used (Template Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/waf/template

client-ssl-list

Specification
Type list
Block object keys

alert-type

Description: ‘fatal’: Log fatal alerts;

Type: string

Supported Values: fatal

auth-sg

Description: Specify authorization LDAP service group

Type: string

Format: string-rlx

Mutual Exclusion: auth-sg and authen-name are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

auth-sg-dn

Description: Use Subject DN as LDAP search base DN

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

auth-sg-filter

Description: Specify LDAP search filter

Type: string

Format: string-rlx

auth-username

Description: Specify the Username Field in the Client Certificate(If multi-fields are specificed, prior one has higher priority)

Type: string

Format: string-rlx

auth-username-attribute

Description: Specify attribute name of username for client SSL authorization

Type: string

Format: string-rlx

authen-name

Description: Specify authorization LDAP server name

Type: string

Format: string-rlx

Mutual Exclusion: authen-name and auth-sg are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/ldap

authorization

Description: Specify LDAP server for client SSL authorizaiton

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ca-certs

Description: ca-certs is a JSON List . Please see below for l211_ca-certs

Type: List

cache-persistence-list-name

Description: Class List Name

Type: string

case-insensitive

Description: Case insensitive forward proxy bypass

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cert

Description: Server Certificate (Certificate Name)

Type: string

cert-revoke-action

Description: ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection;

Type: string

Supported Values: bypass, continue, drop

Default: bypass

cert-unknown-action

Description: ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection;

Type: string

Supported Values: bypass, continue, drop

Default: bypass

chain-cert

Description: Chain Certificate (Chain Certificate Name)

Type: string

cipher-without-prio-list

Description: cipher-without-prio-list is a JSON List . Please see below for l211_cipher-without-prio-list

Type: List

class-list-name

Description: Class List Name

Type: string

Mutual Exclusion: class-list-name and multi-clist-name are mutually exclusive

client-auth-case-insensitive

Description: Case insensitive forward proxy client auth bypass

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-auth-class-list

Description: Forward proxy client auth bypass if SNI string matches class-list (Class List Name)

Type: string

client-auth-contains-list

Description: client-auth-contains-list is a JSON List . Please see below for l211_client-auth-contains-list

Type: List

client-auth-ends-with-list

Description: client-auth-ends-with-list is a JSON List . Please see below for l211_client-auth-ends-with-list

Type: List

client-auth-equals-list

Description: client-auth-equals-list is a JSON List . Please see below for l211_client-auth-equals-list

Type: List

client-auth-starts-with-list

Description: client-auth-starts-with-list is a JSON List . Please see below for l211_client-auth-starts-with-list

Type: List

client-certificate

Description: ‘Ignore’: Don’t request client certificate; ‘Require’: Require client certificate; ‘Request’: Request client certificate;

Type: string

Supported Values: Ignore, Require, Request

Default: Ignore

close-notify

Description: Send close notification when terminate connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

contains-list

Description: contains-list is a JSON List . Please see below for l211_contains-list

Type: List

crl-certs

Description: crl-certs is a JSON List . Please see below for l211_crl-certs

Type: List

dh-type

Description: ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048; ‘512’: 512;

Type: string

Supported Values: 1024, 1024-dsa, 2048, 512

disable-sslv3

Description: Reject Client requests for SSL version 3

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ec-list

Description: ec-list is a JSON List . Please see below for l211_ec-list

Type: List

enable-tls-alert-logging

Description: Enable TLS alert logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ends-with-list

Description: ends-with-list is a JSON List . Please see below for l211_ends-with-list

Type: List

equals-list

Description: equals-list is a JSON List . Please see below for l211_equals-list

Type: List

expire-hours

Description: Certificate lifetime in hours

Type: number

Range: 1-168

forward-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

forward-passphrase

Description: Password Phrase

Type: string

Format: password

forward-proxy-alt-sign

Description: Forward proxy alternate signing cert and key

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-ca-cert

Description: CA Certificate for forward proxy (SSL forward proxy CA Certificate Name)

Type: string

forward-proxy-ca-key

Description: CA Private Key for forward proxy (SSL forward proxy CA Key Name)

Type: string

forward-proxy-cert-cache-limit

Description: Certificate cache size limit, default is 524288 (set to 0 for unlimited size)

Type: number

Range: 0-2147483647

Default: 524288

forward-proxy-cert-cache-timeout

Description: Certificate cache timeout, default is 1 hour (seconds, set to 0 for never timeout)

Type: number

Range: 0-2147483647

Default: 3600

forward-proxy-cert-expiry

Description: Adjust certificate expiry relative to the time when it is created on the device

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-cert-revoke-action

Description: Action taken if a certificate is irreversibly revoked, bypass SSLi processing by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-cert-unknown-action

Description: Action taken if a certificate revocation status is unknown, bypass SSLi processing by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-crl-disable

Description: Disable Certificate Revocation List checking for forward proxy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-enable

Description: Enable SSL forward proxy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-failsafe-disable

Description: Disable Failsafe for SSL forward proxy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-log-disable

Description: Disable SSL forward proxy logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-ocsp-disable

Description: Disable ocsp-stapling for forward proxy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-selfsign-redir

Description: Redirect connections to pages with self signed certs to a warning page

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-proxy-ssl-version

Description: TLS/SSL version, default is TLS1.2 (TLS/SSL version: 31-TLSv1.0, 32-TLSv1.1 and 33-TLSv1.2)

Type: number

Range: 31-33

Default: 33

forward-proxy-trusted-ca-lists

Description: forward-proxy-trusted-ca-lists is a JSON List . Please see below for l211_forward-proxy-trusted-ca-lists

Type: List

forward-proxy-verify-cert-fail-action

Description: Action taken if certificate verification fails, close the connection by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fp-alt-cert

Description: CA Certificate for forward proxy alternate signing (Certificate name)

Type: string

fp-alt-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

fp-alt-key

Description: CA Private Key for forward proxy alternate signing (Key name)

Type: string

fp-alt-passphrase

Description: Password Phrase

Type: string

Format: password

hsm-type

Description: ‘thales-embed’: Thales embed key; ‘thales-hwcrhk’: Thales hwcrhk Key;

Type: string

Supported Values: thales-embed, thales-hwcrhk

inspect-list-name

Description: Class List Name

Type: string

key

Description: Server Private Key (Key Name)

Type: string

key-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

key-passphrase

Description: Password Phrase

Type: string

Format: password

ldap-base-dn-from-cert

Description: Use Subject DN as LDAP search base DN

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ldap-search-filter

Description: Specify LDAP search filter

Type: string

Format: string-rlx

multi-class-list

Description: multi-class-list is a JSON List . Please see below for l211_multi-class-list

Type: List

name

Description: Client SSL Template Name

Type: string

Format: string-rlx

non-ssl-bypass-service-group

Description: Service Group for Bypass non-ssl traffic (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

ocsp-stapling

Description: Config OCSP stapling support

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ocspst-ca-cert

Description: CA certificate

Type: string

ocspst-ocsp

Description: Specify OCSP Authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ocspst-sg

Description: Specify authentication service group

Type: string

Format: string-rlx

Mutual Exclusion: ocspst-sg and ocspst-srvr are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

ocspst-sg-days

Description: Specify update period, in days

Type: number

Range: 1-31

Mutual Exclusion: ocspst-sg-days ocspst-sg-hours and ocspst-sg-minutes are mutually exclusive

ocspst-sg-hours

Description: Specify update period, in hours

Type: number

Range: 1-23

Default: 1

Mutual Exclusion: ocspst-sg-hours ocspst-sg-days and ocspst-sg-minutes are mutually exclusive

ocspst-sg-minutes

Description: Specify update period, in minutes

Type: number

Range: 1-59

Mutual Exclusion: ocspst-sg-minutes ocspst-sg-days and ocspst-sg-hours are mutually exclusive

ocspst-sg-timeout

Description: Specify retry timeout (Default is 30 mins)

Type: number

Range: 1-44640

Default: 30

ocspst-srvr

Description: Specify OCSP authentication server

Type: string

Format: string-rlx

Mutual Exclusion: ocspst-srvr and ocspst-sg are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/ocsp

ocspst-srvr-days

Description: Specify update period, in days

Type: number

Range: 1-31

Mutual Exclusion: ocspst-srvr-days ocspst-srvr-hours and ocspst-srvr-minutes are mutually exclusive

ocspst-srvr-hours

Description: Specify update period, in hours

Type: number

Range: 1-23

Default: 1

Mutual Exclusion: ocspst-srvr-hours ocspst-srvr-days and ocspst-srvr-minutes are mutually exclusive

ocspst-srvr-minutes

Description: Specify update period, in minutes

Type: number

Range: 1-59

Mutual Exclusion: ocspst-srvr-minutes ocspst-srvr-days and ocspst-srvr-hours are mutually exclusive

ocspst-srvr-timeout

Description: Specify retry timeout (Default is 30 mins)

Type: number

Range: 1-44640

Default: 30

server-name-list

Description: server-name-list is a JSON List . Please see below for l211_server-name-list

Type: List

session-cache-size

Description: Session Cache Size (Specify 0 to disable Session ID reuse.)

Type: number

session-cache-timeout

Description: Session Cache Timeout (Timeout value, in seconds)

Type: number

Range: 0-604800

session-ticket-lifetime

Description: Session ticket lieftime in seconds from stateless session resumption (Lifetime value in seconds)

Type: number

Range: 0-2147483647

ssl-false-start-disable

Description: disable SSL False Start

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sslv2-bypass-service-group

Description: Service Group for Bypass SSLV2 (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

starts-with-list

Description: starts-with-list is a JSON List . Please see below for l211_starts-with-list

Type: List

template-cipher

Description: Cipher Template (Cipher Config Name)

Type: string

Mutual Exclusion: template-cipher and cipher-wo-prio are mutually exclusive

Reference Object: /axapi/v3/slb/template/cipher

template-hsm

Description: HSM Template (HSM Template Name)

Type: string

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

verify-cert-fail-action

Description: ‘bypass’: bypass SSLi processing; ‘continue’: continue the connection; ‘drop’: close the connection;

Type: string

Supported Values: bypass, continue, drop

Default: drop

web-category

Description: web-category is a JSON Block . Please see below for l211_web-category

Type: Object

client-ssl-list.equals-list

Specification
Type list
Block object keys

equals

Description: Forward proxy bypass if SNI string equals another string

Type: string

Format: string-rlx

client-ssl-list.forward-proxy-trusted-ca-lists

Specification
Type list
Block object keys

forward-proxy-trusted-ca

Description: Forward proxy trusted CA file (CA file name)

Type: string

client-ssl-list.ec-list

Specification
Type list
Block object keys

ec

Description: ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;

Type: string

Supported Values: secp256r1, secp384r1

client-ssl-list.contains-list

Specification
Type list
Block object keys

contains

Description: Forward proxy bypass if SNI string contains another string

Type: string

Format: string-rlx

client-ssl-list.ends-with-list

Specification
Type list
Block object keys

ends-with

Description: Forward proxy bypass if SNI string ends with another string

Type: string

Format: string-rlx

client-ssl-list.ca-certs

Specification
Type list
Block object keys

ca-cert

Description: CA Certificate (CA Certificate Name)

Type: string

client-ocsp

Description: Specify ocsp authentication server(s) for client certificate verification

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-ocsp-sg

Description: Specify service-group (Service group name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/aam/authentication/service-group

client-ocsp-srvr

Description: Specify authentication server

Type: string

Format: string-rlx

Reference Object: /axapi/v3/aam/authentication/server/ocsp

client-ssl-list.client-auth-contains-list

Specification
Type list
Block object keys

client-auth-contains

Description: Forward proxy bypass if SNI string contains another string

Type: string

Format: string-rlx

client-ssl-list.client-auth-equals-list

Specification
Type list
Block object keys

client-auth-equals

Description: Forward proxy bypass if SNI string equals another string

Type: string

Format: string-rlx

client-ssl-list.crl-certs

Specification
Type list
Block object keys

crl

Description: Certificate Revocation Lists (Certificate Revocation Lists file name)

Type: string

client-ssl-list.multi-class-list

Specification
Type list
Block object keys

multi-clist-name

Description: Class List Name

Type: string

Mutual Exclusion: multi-clist-name and class-list-name are mutually exclusive

client-ssl-list.web-category

Specification
Type object

abortion

Description: Category Abortion

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

adult-and-pornography

Description: Category Adult and Pornography

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

alochol-and-tobacco

Description: Category Alcohol and Tobacco

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

auctions

Description: Category Auctions

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

bot-nets

Description: Category Bot Nets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

business-and-economy

Description: Category Business and Economy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cdns

Description: Category CDNs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cheating

Description: Category Cheating

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

computer-and-internet-info

Description: Category Computer and Internet Info

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

computer-and-internet-security

Description: Category Computer and Internet Security

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

confirmed-spam-sources

Description: Category Confirmed SPAM Sources

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cult-and-occult

Description: Category Cult and Occult

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dating

Description: Category Dating

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dead-sites

Description: Category Dead Sites (db Ops only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drugs

Description: Category Abused Drugs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-comment

Description: Category Dynamic Comment

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

educational-institutions

Description: Category Educational Institutions

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entertainment-and-arts

Description: Category Entertainment and Arts

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fashion-and-beauty

Description: Category Fashion and Beauty

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

financial-services

Description: Category Financial Services

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

food-and-dining

Description: Category Food and Dining

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

gambling

Description: Category Gambling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

games

Description: Category Games

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

government

Description: Category Government

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

gross

Description: Category Gross

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hacking

Description: Category Hacking

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hate-and-racism

Description: Category Hate and Racism

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

health-and-medicine

Description: Category Health and Medicine

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

home-and-garden

Description: Category Home and Garden

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hunting-and-fishing

Description: Category Hunting and Fishing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

illegal

Description: Category Illegal

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

image-and-video-search

Description: Category Image and Video Search

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

internet-communications

Description: Category Internet Communications

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

internet-portals

Description: Category Internet Portals

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

job-search

Description: Category Job Search

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

keyloggers-and-monitoring

Description: Category Keyloggers and Monitoring

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

kids

Description: Category Kids

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

legal

Description: Category Legal

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

local-information

Description: Category Local Information

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malware-sites

Description: Category Malware Sites

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

marijuana

Description: Category Marijuana

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

military

Description: Category Military

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

motor-vehicles

Description: Category Motor Vehicles

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

music

Description: Category Music

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

news-and-media

Description: Category News and Media

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

nudity

Description: Category Nudity

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

online-greeting-cards

Description: Category Online Greeting cards

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

open-http-proxies

Description: Category Open HTTP Proxies

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

parked-domains

Description: Category Parked Domains

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

pay-to-surf

Description: Category Pay to Surf

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

peer-to-peer

Description: Category Peer to Peer

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

personal-sites-and-blogs

Description: Category Personal sites and Blogs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

personal-storage

Description: Category Personal Storage

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

philosophy-and-politics

Description: Category Philosophy and Political Advocacy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

phishing-and-other-fraud

Description: Category Phishing and Other Frauds

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

private-ip-addresses

Description: Category Private IP Addresses

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

proxy-avoid-and-anonymizers

Description: Category Proxy Avoid and Anonymizers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

questionable

Description: Category Questionable

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

real-estate

Description: Category Real Estate

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

recreation-and-hobbies

Description: Category Recreation and Hobbies

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reference-and-research

Description: Category Reference and Research

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

religion

Description: Category Religion

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

search-engines

Description: Category Search Engines

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sex-education

Description: Category Sex Education

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

shareware-and-freeware

Description: Category Shareware and Freeware

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

shopping

Description: Category Shopping

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

social-network

Description: Category Social Network

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

society

Description: Category Society

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

spam-urls

Description: Category SPAM URLs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sports

Description: Category Sports

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

spyware-and-adware

Description: Category Spyware and Adware

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

stock-advice-and-tools

Description: Category Stock Advice and Tools

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

streaming-media

Description: Category Streaming Media

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

swimsuits-and-intimate-apparel

Description: Category Swimsuits and Intimate Apparel

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

training-and-tools

Description: Category Training and Tools

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

translation

Description: Category Translation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

travel

Description: Category Travel

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uncategorized

Description: Uncategorized URLs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

unconfirmed-spam-sources

Description: Category Unconfirmed SPAM Sources

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

violence

Description: Category Violence

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

weapons

Description: Category Weapons

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

web-adertisements

Description: Category Web Advertisements

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

web-based-email

Description: Category Web based email

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

web-hosting-sites

Description: Category Web Hosting Sites

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-ssl-list.client-auth-starts-with-list

Specification
Type list
Block object keys

client-auth-starts-with

Description: Forward proxy bypass if SNI string starts with another string

Type: string

Format: string-rlx

client-ssl-list.server-name-list

Specification
Type list
Block object keys

server-cert

Description: Server Certificate associated to SNI (Server Certificate Name)

Type: string

server-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

server-key

Description: Server Private Key associated to SNI (Server Private Key Name)

Type: string

server-name

Description: Server name indication in Client hello extension (Server name String)

Type: string

server-passphrase

Description: help Password Phrase

Type: string

Format: password

client-ssl-list.client-auth-ends-with-list

Specification
Type list
Block object keys

client-auth-ends-with

Description: Forward proxy bypass if SNI string ends with another string

Type: string

Format: string-rlx

client-ssl-list.cipher-without-prio-list

Specification
Type list
Block object keys

cipher-wo-prio

Description: ‘SSL3_RSA_DES_192_CBC3_SHA’: SSL3_RSA_DES_192_CBC3_SHA; ‘SSL3_RSA_DES_40_CBC_SHA’: SSL3_RSA_DES_40_CBC_SHA; ‘SSL3_RSA_DES_64_CBC_SHA’: SSL3_RSA_DES_64_CBC_SHA; ‘SSL3_RSA_RC4_128_MD5’: SSL3_RSA_RC4_128_MD5; ‘SSL3_RSA_RC4_128_SHA’: SSL3_RSA_RC4_128_SHA; ‘SSL3_RSA_RC4_40_MD5’: SSL3_RSA_RC4_40_MD5; ‘TLS1_RSA_AES_128_SHA’: TLS1_RSA_AES_128_SHA; ‘TLS1_RSA_AES_256_SHA’: TLS1_RSA_AES_256_SHA; ‘TLS1_RSA_EXPORT1024_RC4_56_MD5’: TLS1_RSA_EXPORT1024_RC4_56_MD5; ‘TLS1_RSA_EXPORT1024_RC4_56_SHA’: TLS1_RSA_EXPORT1024_RC4_56_SHA; ‘TLS1_RSA_AES_128_SHA256’: TLS1_RSA_AES_128_SHA256; ‘TLS1_RSA_AES_256_SHA256’: TLS1_RSA_AES_256_SHA256; ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS1_DHE_RSA_AES_128_GCM_SHA256; ‘TLS1_DHE_RSA_AES_128_SHA’: TLS1_DHE_RSA_AES_128_SHA; ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS1_DHE_RSA_AES_128_SHA256; ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS1_DHE_RSA_AES_256_GCM_SHA384; ‘TLS1_DHE_RSA_AES_256_SHA’: TLS1_DHE_RSA_AES_256_SHA; ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS1_DHE_RSA_AES_256_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS1_ECDHE_ECDSA_AES_128_SHA; ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS1_ECDHE_ECDSA_AES_128_SHA256; ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS1_ECDHE_ECDSA_AES_256_SHA; ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS1_ECDHE_RSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS1_ECDHE_RSA_AES_128_SHA; ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS1_ECDHE_RSA_AES_128_SHA256; ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS1_ECDHE_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS1_ECDHE_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS1_RSA_AES_128_GCM_SHA256; ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS1_RSA_AES_256_GCM_SHA384;

Type: string

Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_DES_40_CBC_SHA, SSL3_RSA_DES_64_CBC_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, SSL3_RSA_RC4_40_MD5, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_EXPORT1024_RC4_56_MD5, TLS1_RSA_EXPORT1024_RC4_56_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384

Mutual Exclusion: cipher-wo-prio and template-cipher are mutually exclusive

client-ssl-list.starts-with-list

Specification
Type list
Block object keys

starts-with

Description: Forward proxy bypass if SNI string starts with another string

Type: string

Format: string-rlx

respmod-icap-list

Specification
Type list
Block object keys

action

Description: ‘continue’: Continue; ‘drop’: Drop; ‘reset’: Reset;

Type: string

Supported Values: continue, drop, reset

Default: continue

bypass-ip-cfg

Description: bypass-ip-cfg is a JSON List . Please see below for l211_bypass-ip-cfg

Type: List

fail-close

Description: When template sg is down mark vport down

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

include-protocol-in-uri

Description: Include protocol and port in HTTP URI

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

logging

Description: logging template (Logging template name)

Type: string

Reference Object: /axapi/v3/slb/template/logging

min-payload-size

Description: min-payload-size value 1 - 65536, default is 4096

Type: number

Range: 1-65536

Default: 4096

name

Description: Reqmod ICAP Template Name

Type: string

Format: string-rlx

preview

Description: Preview value 1 - 32768, default is 32768

Type: number

Range: 1-32768

Default: 32768

server-ssl

Description: Server SSL template (Server SSL template name)

Type: string

Reference Object: /axapi/v3/slb/template/server-ssl

service-group

Description: Bind a Service Group to the template (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

service-url

Description: URL to send to ICAP server (Service URL Name)

Type: string

Format: string-rlx

source-ip

Description: Source IP persistence template (Source IP persistence template name)

Type: string

Reference Object: /axapi/v3/slb/template/persist/source-ip

tcp-proxy

Description: TCP proxy template (TCP proxy template name)

Type: string

Reference Object: /axapi/v3/slb/template/tcp-proxy

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

respmod-icap-list.bypass-ip-cfg

Specification
Type list
Block object keys

bypass-ip

Description: ip address to bypass respmod-icap service

Type: string

Format: ipv4-address

mask

Description: IP prefix mask

Type: string

Format: ipv4-netmask

dynamic-service-list

Specification
Type list
Block object keys

dns-server

Description: dns-server is a JSON List . Please see below for l211_dns-server

Type: List

name

Description: Dynamic Service Template Name

Type: string

Format: string-rlx

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

dynamic-service-list.dns-server

Specification
Type list
Block object keys

ipv4-dns-server

Description: DNS Server IPv4 Address

Type: string

Format: ipv4-address

ipv6-dns-server

Description: DNS Server IPv6 Address

Type: string

Format: ipv6-address

dblb-list

Specification
Type list
Block object keys

calc-sha1

Description: calc-sha1 is a JSON Block . Please see below for l211_calc-sha1

Type: Object

Reference Object: /axapi/v3/slb/template/dblb/{name}/calc-sha1

class-list

Description: Specify user/password string class list (Class list name)

Type: string

Reference Object: /axapi/v3/class-list

name

Description: DBLB template name

Type: string

Format: string-rlx

server-version

Description: ‘MSSQL2008’: MSSQL server 2008 or 2008 R2; ‘MSSQL2012’: MSSQL server 2012; ‘MySQL’: MySQL server (any version);

Type: string

Supported Values: MSSQL2008, MSSQL2012, MySQL

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

dblb-list.calc-sha1

Specification
Type object

sha1-value

Description: Cleartext password

Type: string

fix-list

Specification
Type list
Block object keys

insert-client-ip

Description: Insert client ip to tag 11447

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: FIX Template Name

Type: string

Format: string-rlx

tag-switching

Description: tag-switching is a JSON List . Please see below for l211_tag-switching

Type: List

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

fix-list.tag-switching

Specification
Type list
Block object keys

equals

Description: Equals (Tag String)

Type: string

service-group

Description: Create a Service Group comprising Servers (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

switching-type

Description: ‘sender-comp-id’: Select service group based on SenderCompID; ‘target-comp-id’: Select service group based on TargetCompID;

Type: string

Supported Values: sender-comp-id, target-comp-id

persist

Specification
Type object

cookie-list

Description: cookie-list is a JSON List . Please see below for l211_cookie-list

Type: List

Reference Object: /axapi/v3/slb/template/persist/cookie/{name}

destination-ip-list

Description: destination-ip-list is a JSON List . Please see below for l211_destination-ip-list

Type: List

Reference Object: /axapi/v3/slb/template/persist/destination-ip/{name}

source-ip-list

Description: source-ip-list is a JSON List . Please see below for l211_source-ip-list

Type: List

Reference Object: /axapi/v3/slb/template/persist/source-ip/{name}

ssl-sid-list

Description: ssl-sid-list is a JSON List . Please see below for l211_ssl-sid-list

Type: List

Reference Object: /axapi/v3/slb/template/persist/ssl-sid/{name}

persist.destination-ip-list

Specification
Type list
Block object keys

dont-honor-conn-rules

Description: Do not observe connection rate rules

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hash-persist

Description: Use hash value of destination IP address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

match-type

Description: Persistence type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: Destination IP persistence template name

Type: string

netmask

Description: IP subnet mask

Type: string

Format: ipv4-netmask

Default: 255.255.255.255

netmask6

Description: IPV6 subnet mask

Type: number

Range: 1-128

Default: 128

scan-all-members

Description: Persist with SCAN of all members

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server

Description: Persist to the same server, default is port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: server and service-group are mutually exclusive

service-group

Description: Persist within the same service group

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: service-group and server are mutually exclusive

timeout

Description: Persistence timeout (in minutes)

Type: number

Range: 1-2000

Default: 5

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

persist.source-ip-list

Specification
Type list
Block object keys

dont-honor-conn-rules

Description: Do not observe connection rate rules

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enforce-higher-priority

Description: Enforce to use high priority node if available

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hash-persist

Description: Use hash value of source IP address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

incl-dst-ip

Description: Include destination IP on the persist

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

incl-sport

Description: Include source port on the persist

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

match-type

Description: Persistence type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: Source IP persistence template name

Type: string

Format: string-rlx

netmask

Description: IP subnet mask

Type: string

Format: ipv4-netmask

Default: 255.255.255.255

netmask6

Description: IPV6 subnet mask

Type: number

Range: 1-128

Default: 128

scan-all-members

Description: Persist with SCAN of all members

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server

Description: Persist to the same server, default is port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: server and service-group are mutually exclusive

service-group

Description: Persist within the same service group

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: service-group and server are mutually exclusive

timeout

Description: Persistence timeout (in minutes)

Type: number

Range: 1-2000

Default: 5

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

persist.ssl-sid-list

Specification
Type list
Block object keys

dont-honor-conn-rules

Description: Do not observe connection rate rules

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: SSL session ID persistence template name

Type: string

Format: string-rlx

timeout

Description: Persistence timeout (in minutes)

Type: number

Range: 1-2000

Default: 5

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

sip-list

Specification
Type list
Block object keys

acl-id

Description: ACL id

Type: number

Range: 100-199

Mutual Exclusion: acl-id and acl-name-value are mutually exclusive

Reference Object: /axapi/v3/access-list/standard

acl-name-value

Description: IPv4 Access List Name

Type: string

Mutual Exclusion: acl-name-value and acl-id are mutually exclusive

Reference Object: /axapi/v3/ip/access-list

alg-dest-nat

Description: Translate VIP to real server IP in SIP message when destination NAT is used

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

alg-source-nat

Description: Translate source IP to NAT IP in SIP message when source NAT is used

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

call-id-persist-disable

Description: Disable call-ID persistence

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-keep-alive

Description: Respond client keep-alive packet directly instead of forwarding to server

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-request-header

Description: client-request-header is a JSON List . Please see below for l211_client-request-header

Type: List

client-response-header

Description: client-response-header is a JSON List . Please see below for l211_client-response-header

Type: List

dialog-aware

Description: Permit system processes dialog session

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-when-client-fail

Description: Drop current SIP message when select client fail

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: drop-when-client-fail and failed-client-selection-message are mutually exclusive

drop-when-server-fail

Description: Drop current SIP message when select server fail

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: drop-when-server-fail and failed-server-selection-message are mutually exclusive

exclude-translation

Description: exclude-translation is a JSON List . Please see below for l211_exclude-translation

Type: List

failed-client-selection

Description: Define action when select client fail

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

failed-client-selection-message

Description: Send SIP message (includs status code) to server when select client fail(Format: 3 digits(1XX~6XX) space reason)

Type: string

Format: string-rlx

Mutual Exclusion: failed-client-selection-message and drop-when-client-fail are mutually exclusive

failed-server-selection

Description: Define action when select server fail

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

failed-server-selection-message

Description: Send SIP message (includs status code) to client when select server fail(Format: 3 digits(1XX~6XX) space reason)

Type: string

Format: string-rlx

Mutual Exclusion: failed-server-selection-message and drop-when-server-fail are mutually exclusive

insert-client-ip

Description: Insert Client IP address into SIP header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

interval

Description: The interval of keep-alive packet for each persist connection (second)

Type: number

Range: 5-300

Default: 30

keep-server-ip-if-match-acl

Description: Use Real Server IP for addresses matching the ACL for a Call-Id

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: SIP Template Name

Type: string

Format: string-rlx

server-keep-alive

Description: Send server keep-alive packet for every persist connection when enable conn-reuse

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-request-header

Description: server-request-header is a JSON List . Please see below for l211_server-request-header

Type: List

server-response-header

Description: server-response-header is a JSON List . Please see below for l211_server-response-header

Type: List

server-selection-per-request

Description: Force server selection on every SIP request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

service-group

Description: service group name

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

smp-call-id-rtp-session

Description: Create the across cpu call-id rtp session

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

timeout

Description: Time in minutes

Type: number

Range: 1-250

Default: 30

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

sip-list.server-request-header

Specification
Type list
Block object keys

insert-condition-server-request

Description: ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;

Type: string

Supported Values: insert-if-not-exist, insert-always

server-request-erase-all

Description: Erase all headers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-request-header-erase

Description: Erase a SIP header (Header Name)

Type: string

Format: string-rlx

server-request-header-insert

Description: Insert a SIP header (Header Content (Format: “name: value”))

Type: string

Format: string-rlx

sip-list.server-response-header

Specification
Type list
Block object keys

insert-condition-server-response

Description: ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;

Type: string

Supported Values: insert-if-not-exist, insert-always

server-response-erase-all

Description: Erase all headers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-response-header-erase

Description: Erase a SIP header (Header Name)

Type: string

Format: string-rlx

server-response-header-insert

Description: Insert a SIP header (Header Content (Format: “name: value”))

Type: string

Format: string-rlx

sip-list.client-request-header

Specification
Type list
Block object keys

client-request-erase-all

Description: Erase all headers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-request-header-erase

Description: Erase a SIP header (Header Name)

Type: string

Format: string-rlx

client-request-header-insert

Description: Insert a SIP header (Header Content (Format: “name: value”))

Type: string

Format: string-rlx

insert-condition-client-request

Description: ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;

Type: string

Supported Values: insert-if-not-exist, insert-always

sip-list.client-response-header

Specification
Type list
Block object keys

client-response-erase-all

Description: Erase all headers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-response-header-erase

Description: Erase a SIP header (Header Name)

Type: string

Format: string-rlx

client-response-header-insert

Description: Insert a SIP header (Header Content (Format: “name: value”))

Type: string

Format: string-rlx

insert-condition-client-response

Description: ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;

Type: string

Supported Values: insert-if-not-exist, insert-always

sip-list.exclude-translation

Specification
Type list
Block object keys

header-string

Description: SIP header name

Type: string

Format: string-rlx

translation-value

Description: ‘start-line’: SIP request line or status line; ‘header’: SIP message headers; ‘body’: SIP message body;

Type: string

Supported Values: start-line, header, body

virtual-server-list

Specification
Type list
Block object keys

conn-limit

Description: Connection limit

Type: number

Range: 1-8000000

Default: 8000000

conn-limit-no-logging

Description: Do not log connection over limit event

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-limit-reset

Description: Send client reset when connection over limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-rate-limit

Description: Connection rate limit

Type: number

Range: 1-1048575

conn-rate-limit-no-logging

Description: Do not log connection over limit event

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-rate-limit-reset

Description: Send client reset when connection rate over limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

icmp-lockup

Description: Enter lockup state when ICMP rate exceeds lockup rate limit (Maximum rate limit. If exceeds this limit, drop all ICMP packet for a time period)

Type: number

Range: 1-65535

icmp-lockup-period

Description: Lockup period (second)

Type: number

Range: 1-16383

icmp-rate-limit

Description: ICMP rate limit (Normal rate limit. If exceeds this limit, drop the ICMP packet that goes over the limit)

Type: number

Range: 1-65535

icmpv6-lockup

Description: Enter lockup state when ICMP rate exceeds lockup rate limit (Maximum rate limit. If exceeds this limit, drop all ICMP packet for a time period)

Type: number

Range: 1-65535

icmpv6-lockup-period

Description: Lockup period (second)

Type: number

Range: 1-16383

icmpv6-rate-limit

Description: ICMPv6 rate limit (Normal rate limit. If exceeds this limit, drop the ICMP packet that goes over the limit)

Type: number

Range: 1-65535

name

Description: Virtual server template name

Type: string

Format: string-rlx

Default: default

rate-interval

Description: ‘100ms’: Use 100 ms as sampling interval; ‘second’: Use 1 second as sampling interval;

Type: string

Supported Values: 100ms, second

Default: second

subnet-gratuitous-arp

Description: Send gratuitous ARP for every IP in the subnet virtual server

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

dns-list

Specification
Type list
Block object keys

class-list

Description: class-list is a JSON Block . Please see below for l211_class-list

Type: Object

Reference Object: /axapi/v3/slb/template/dns/{name}/class-list

default-policy

Description: ‘nocache’: Cache disable; ‘cache’: Cache enable;

Type: string

Supported Values: nocache, cache

Default: nocache

disable-dns-template

Description: Disable DNS template

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop

Description: Drop the malformed query

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: drop and forward are mutually exclusive

enable-cache-sharing

Description: Enable DNS cache sharing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward

Description: Forward to service group (Service group name)

Type: string

Format: string-rlx

Mutual Exclusion: forward and drop are mutually exclusive

Reference Object: /axapi/v3/slb/service-group

max-cache-entry-size

Description: Define maximum cache entry size (Maximum cache entry size per VIP)

Type: number

Range: 1-4096

max-cache-size

Description: Define maximum cache size (Maximum cache entry per VIP)

Type: number

max-query-length

Description: Define Maximum DNS Query Length, default is unlimited (Specify Maximum Length)

Type: number

Range: 1-4095

name

Description: DNS Template Name

Type: string

Format: string-rlx

period

Description: Period in minutes

Type: number

Range: 1-10000

query-id-switch

Description: Use DNS query ID to create sesion

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

redirect-to-tcp-port

Description: Direct the client to retry with TCP for DNS UDP request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

dns-list.class-list

Specification
Type object

lid-list

Description: lid-list is a JSON List . Please see below for l211_lid-list

Type: List

Reference Object: /axapi/v3/slb/template/dns/{name}/class-list/lid/{lidnum}

name

Description: Specify a class list name

Type: string

uuid

Description: uuid of the object

Type: string

dns-list.class-list.lid-list

Specification
Type list
Block object keys

action-value

Description: ‘dns-cache-disable’: Disable DNS cache when it exceeds limit; ‘dns-cache-enable’: Enable DNS cache when it exceeds limit; ‘forward’: Forward the traffic even it exceeds limit;

Type: string

Supported Values: dns-cache-disable, dns-cache-enable, forward

conn-rate-limit

Description: Connection rate limit

Type: number

Range: 1-2147483647

dns

Description: dns is a JSON Block . Please see below for l211_dns

Type: Object

lidnum

Description: Specify a limit ID

Type: number

Range: 1-31

lockout

Description: Don’t accept any new connection for certain time (Lockout duration in minutes)

Type: number

Range: 1-1023

log

Description: Log a message

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-interval

Description: Log interval (minute, by default system will log every over limit instance)

Type: number

Range: 1-255

over-limit-action

Description: Action when exceeds limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

per

Description: Per (Number of 100ms)

Type: number

Range: 1-65535

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

dns-list.class-list.lid-list.dns

Specification
Type object

cache-action

Description: ‘cache-disable’: Disable dns cache; ‘cache-enable’: Enable dns cache;

Type: string

Supported Values: cache-disable, cache-enable

Default: cache-disable

ttl

Description: TTL for cache entry (TTL in seconds)

Type: number

Range: 1-65535

weight

Description: Weight for cache entry

Type: number

Range: 1-7

ssli-list

Specification
Type list
Block object keys

name

Description: SSLi Template Name

Type: string

Format: string-rlx

type

Description: ‘http’: HTTP service; ‘xmpp’: XMPP service; ‘smtp’: SMTP service; ‘pop’: POP service;

Type: string

Supported Values: http, xmpp, smtp, pop

Default: http

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

http-list

Specification
Type list
Block object keys

bypass-sg

Description: Select service group for non-http traffic (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

client-ip-hdr-replace

Description: Replace the existing header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

client-port-hdr-replace

Description: Replace the existing header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

compression-auto-disable-on-high-cpu

Description: Auto-disable software compression on high cpu usage (Disable compression if cpu usage is above threshold. Default is off.)

Type: number

Range: 1-100

compression-content-type

Description: compression-content-type is a JSON List . Please see below for l211_compression-content-type

Type: List

compression-enable

Description: Enable Compression

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

compression-exclude-content-type

Description: compression-exclude-content-type is a JSON List . Please see below for l211_compression-exclude-content-type

Type: List

compression-exclude-uri

Description: compression-exclude-uri is a JSON List . Please see below for l211_compression-exclude-uri

Type: List

compression-keep-accept-encoding

Description: Keep accept encoding

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

compression-keep-accept-encoding-enable

Description: Enable Server Accept Encoding

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

compression-level

Description: compression level, default 1 (compression level value, default is 1)

Type: number

Range: 1-9

Default: 1

compression-minimum-content-length

Description: Minimum Content Length (Minimum content length for compression in bytes. Default is 120.)

Type: number

Range: 1-2147483647

Default: 120

failover-url

Description: Failover to this URL (Failover URL Name)

Type: string

Format: string-rlx

host-switching

Description: host-switching is a JSON List . Please see below for l211_host-switching

Type: List

insert-client-ip

Description: Insert Client IP address into HTTP header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

insert-client-ip-header-name

Description: HTTP Header Name for inserting Client IP

Type: string

insert-client-port

Description: Insert Client Port address into HTTP header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

insert-client-port-header-name

Description: HTTP Header Name for inserting Client Port

Type: string

keep-client-alive

Description: Keep client alive

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-retry

Description: log when HTTP request retry

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: HTTP Template Name

Type: string

Format: string-rlx

non-http-bypass

Description: Bypass non-http traffic instead of dropping

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

rd-port

Description: Port (Port Number)

Type: number

Range: 1-65535

Mutual Exclusion: rd-port and rd-simple-loc are mutually exclusive

rd-resp-code

Description: ‘301’: Moved Permanently; ‘302’: Found; ‘303’: See Other; ‘307’: Temporary Redirect;

Type: string

Supported Values: 301, 302, 303, 307

rd-secure

Description: Use HTTPS

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: rd-secure and rd-simple-loc are mutually exclusive

rd-simple-loc

Description: Redirect location tag absolute URI string

Type: string

Format: string-rlx

Mutual Exclusion: rd-simple-loc rd-secure and rd-port are mutually exclusive

redirect

Description: Automatically send a redirect response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

redirect-rewrite

Description: redirect-rewrite is a JSON Block . Please see below for l211_redirect-rewrite

Type: Object

req-hdr-wait-time

Description: HTTP request header wait time before abort connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

req-hdr-wait-time-val

Description: Number of seconds wait for client request header (default is 7)

Type: number

Range: 1-31

Default: 7

request-header-erase-list

Description: request-header-erase-list is a JSON List . Please see below for l211_request-header-erase-list

Type: List

request-header-insert-list

Description: request-header-insert-list is a JSON List . Please see below for l211_request-header-insert-list

Type: List

request-line-case-insensitive

Description: Parse http request line as case insensitive

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

response-content-replace-list

Description: response-content-replace-list is a JSON List . Please see below for l211_response-content-replace-list

Type: List

response-header-erase-list

Description: response-header-erase-list is a JSON List . Please see below for l211_response-header-erase-list

Type: List

response-header-insert-list

Description: response-header-insert-list is a JSON List . Please see below for l211_response-header-insert-list

Type: List

retry-on-5xx

Description: Retry http request on HTTP 5xx code

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: retry-on-5xx and retry-on-5xx-per-req are mutually exclusive

retry-on-5xx-per-req

Description: Retry http request on HTTP 5xx code for each request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: retry-on-5xx-per-req and retry-on-5xx are mutually exclusive

retry-on-5xx-per-req-val

Description: Number of times to retry (default is 3)

Type: number

Range: 1-3

Default: 3

retry-on-5xx-val

Description: Number of times to retry (default is 3)

Type: number

Range: 1-3

Default: 3

strict-transaction-switch

Description: Force server selection on every HTTP request

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block . Please see below for l211_template

Type: Object

term-11client-hdr-conn-close

Description: Terminate HTTP 1.1 client when req has Connection: close

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

url-hash-first

Description: Use the begining part of URL to calculate hash value (URL string length to calculate hash value)

Type: number

Range: 4-128

Mutual Exclusion: url-hash-first and url-hash-last are mutually exclusive

url-hash-last

Description: Use the end part of URL to calculate hash value (URL string length to calculate hash value)

Type: number

Range: 4-128

Mutual Exclusion: url-hash-last and url-hash-first are mutually exclusive

url-hash-offset

Description: Skip part of URL to calculate hash value (Offset of the URL string)

Type: number

Range: 0-255

url-hash-persist

Description: Use URL’s hash value to select server

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

url-switching

Description: url-switching is a JSON List . Please see below for l211_url-switching

Type: List

use-server-status

Description: Use Server-Status header to do URL hashing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

http-list.request-header-erase-list

Specification
Type list
Block object keys

request-header-erase

Description: Erase a header from HTTP request (Header Name)

Type: string

Format: string-rlx

http-list.redirect-rewrite

Specification
Type object

match-list

Description: match-list is a JSON List . Please see below for l211_match-list

Type: List

redirect-secure

Description: Use HTTPS

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

redirect-secure-port

Description: Port (Port Number)

Type: number

Range: 1-65535

Default: 443

http-list.redirect-rewrite.match-list

Specification
Type list
Block object keys

redirect-match

Description: URL Matching (Pattern URL String)

Type: string

Format: string-rlx

rewrite-to

Description: Rewrite to Destination URL String

Type: string

Format: string-rlx

http-list.response-header-insert-list

Specification
Type list
Block object keys

response-header-insert

Description: Insert a header into HTTP response (Header Content (Format: “[name]: [value]”))

Type: string

Format: string-rlx

response-header-insert-type

Description: ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;

Type: string

Supported Values: insert-if-not-exist, insert-always

http-list.response-header-erase-list

Specification
Type list
Block object keys

response-header-erase

Description: Erase a header from HTTP response (Header Name)

Type: string

Format: string-rlx

http-list.template

Specification
Type object

logging

Description: Logging template (Logging Config name)

Type: string

Reference Object: /axapi/v3/slb/template/logging

http-list.url-switching

Specification
Type list
Block object keys

url-match-string

Description: URL String

Type: string

Format: string-rlx

url-service-group

Description: Create a Service Group comprising Servers (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

url-switching-type

Description: ‘contains’: Select service group if URL string contains another string; ‘ends-with’: Select service group if URL string ends with another string; ‘equals’: Select service group if URL string equals another string; ‘starts-with’: Select service group if URL string starts with another string; ‘url-case-insensitive’: Case insensitive URL switching; ‘url-hits-enable’: Enables URL Hits;

Type: string

Supported Values: contains, ends-with, equals, starts-with, url-case-insensitive, url-hits-enable

http-list.host-switching

Specification
Type list
Block object keys

host-match-string

Description: Hostname String

Type: string

Format: string-rlx

host-service-group

Description: Create a Service Group comprising Servers (Service Group Name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/service-group

host-switching-type

Description: ‘contains’: Select service group if hostname contains another string; ‘ends-with’: Select service group if hostname ends with another string; ‘equals’: Select service group if hostname equals another string; ‘starts-with’: Select service group if hostname starts with another string; ‘host-hits-enable’: Enables Host Hits counters;

Type: string

Supported Values: contains, ends-with, equals, starts-with, host-hits-enable

http-list.response-content-replace-list

Specification
Type list
Block object keys

response-content-replace

Description: replace the data from HTTP response content (String in the http content need to be replaced)

Type: string

Format: string-rlx

response-new-string

Description: String will be in the http content

Type: string

Format: string-rlx

http-list.request-header-insert-list

Specification
Type list
Block object keys

request-header-insert

Description: Insert a header into HTTP request (Header Content (Format: “[name]: [value]”))

Type: string

Format: string-rlx

request-header-insert-type

Description: ‘insert-if-not-exist’: Only insert the header when it does not exist; ‘insert-always’: Always insert the header even when there is a header with the same name;

Type: string

Supported Values: insert-if-not-exist, insert-always

http-list.compression-content-type

Specification
Type list
Block object keys

content-type

Description: Compression content-type

Type: string

Format: string-rlx

http-list.compression-exclude-uri

Specification
Type list
Block object keys

exclude-uri

Description: Compression exclude uri

Type: string

Format: string-rlx

http-list.compression-exclude-content-type

Specification
Type list
Block object keys

exclude-content-type

Description: Compression exclude content-type (Compression exclude content type)

Type: string

Format: string-rlx

virtual-port-list

Specification
Type list
Block object keys

aflow

Description: Use aFlow to eliminate the traffic surge

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-syn-otherflags

Description: Allow initial SYN packet with other flags

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-vip-to-rport-mapping

Description: Allow mapping of VIP to real port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-limit

Description: Connection limit

Type: number

Range: 1-8000000

Default: 8000000

conn-limit-no-logging

Description: Do not log connection over limit event

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-limit-reset

Description: Send client reset when connection over limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-rate-limit

Description: Connection rate limit

Type: number

Range: 1-1048575

conn-rate-limit-no-logging

Description: Do not log connection over limit event

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-rate-limit-reset

Description: Send client reset when connection rate over limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-unknown-conn

Description: Drop conection if receives TCP packet without SYN or RST flag and it does not belong to any existing connections

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dscp

Description: Differentiated Services Code Point (DSCP to Real Server IP Mapping Value)

Type: number

Range: 1-63

ignore-tcp-msl

Description: reclaim TCP resource immediately without MSL

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: Virtual port template name

Type: string

Format: string-rlx

Default: default

rate-interval

Description: ‘100ms’: Use 100 ms as sampling interval; ‘second’: Use 1 second as sampling interval;

Type: string

Supported Values: 100ms, second

Default: second

reset-l7-on-failover

Description: Send reset to L7 client and server connection upon a failover

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reset-unknown-conn

Description: Send reset back if receives TCP packet without SYN or RST flag and it does not belong to any existing connections

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

snat-msl

Description: Source NAT MSL (Source NAT MSL value)

Type: number

Range: 1-1800

snat-port-preserve

Description: Source NAT Port Preservation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

cipher-list

Specification
Type list
Block object keys

cipher-cfg

Description: cipher-cfg is a JSON List . Please see below for l211_cipher-cfg

Type: List

name

Description: Cipher Template Name

Type: string

Format: string-rlx

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

cipher-list.cipher-cfg

Specification
Type list
Block object keys

cipher-suite

Description: ‘SSL3_RSA_DES_192_CBC3_SHA’: SSL3_RSA_DES_192_CBC3_SHA; ‘SSL3_RSA_DES_40_CBC_SHA’: SSL3_RSA_DES_40_CBC_SHA; ‘SSL3_RSA_DES_64_CBC_SHA’: SSL3_RSA_DES_64_CBC_SHA; ‘SSL3_RSA_RC4_128_MD5’: SSL3_RSA_RC4_128_MD5; ‘SSL3_RSA_RC4_128_SHA’: SSL3_RSA_RC4_128_SHA; ‘SSL3_RSA_RC4_40_MD5’: SSL3_RSA_RC4_40_MD5; ‘TLS1_RSA_AES_128_SHA’: TLS1_RSA_AES_128_SHA; ‘TLS1_RSA_AES_256_SHA’: TLS1_RSA_AES_256_SHA; ‘TLS1_RSA_EXPORT1024_RC4_56_MD5’: TLS1_RSA_EXPORT1024_RC4_56_MD5; ‘TLS1_RSA_EXPORT1024_RC4_56_SHA’: TLS1_RSA_EXPORT1024_RC4_56_SHA; ‘TLS1_RSA_AES_128_SHA256’: TLS1_RSA_AES_128_SHA256; ‘TLS1_RSA_AES_256_SHA256’: TLS1_RSA_AES_256_SHA256; ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS1_DHE_RSA_AES_128_GCM_SHA256; ‘TLS1_DHE_RSA_AES_128_SHA’: TLS1_DHE_RSA_AES_128_SHA; ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS1_DHE_RSA_AES_128_SHA256; ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS1_DHE_RSA_AES_256_GCM_SHA384; ‘TLS1_DHE_RSA_AES_256_SHA’: TLS1_DHE_RSA_AES_256_SHA; ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS1_DHE_RSA_AES_256_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS1_ECDHE_ECDSA_AES_128_SHA; ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS1_ECDHE_ECDSA_AES_128_SHA256; ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS1_ECDHE_ECDSA_AES_256_SHA; ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS1_ECDHE_RSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS1_ECDHE_RSA_AES_128_SHA; ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS1_ECDHE_RSA_AES_128_SHA256; ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS1_ECDHE_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS1_ECDHE_RSA_AES_256_SHA;

Type: string

Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_DES_40_CBC_SHA, SSL3_RSA_DES_64_CBC_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, SSL3_RSA_RC4_40_MD5, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_EXPORT1024_RC4_56_MD5, TLS1_RSA_EXPORT1024_RC4_56_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA

priority

Description: Cipher priority (Cipher priority (default 1))

Type: number

Range: 1-100

Default: 1

policy-list

Specification
Type list
Block object keys

bw-list-id

Description: bw-list-id is a JSON List . Please see below for l211_bw-list-id

Type: List

bw-list-name

Description: Specify a blacklist/whitelist name

Type: string

Format: string-rlx

class-list

Description: class-list is a JSON Block . Please see below for l211_class-list

Type: Object

Reference Object: /axapi/v3/slb/template/policy/{name}/class-list

forward-policy

Description: forward-policy is a JSON Block . Please see below for l211_forward-policy

Type: Object

Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy

full-domain-tree

Description: Share counters between geo-location and sub regions

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

interval

Description: Log interval (minute)

Type: number

Range: 1-255

name

Description: Policy template name

Type: string

Format: string-rlx

over-limit

Description: Specify operation in case over limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

over-limit-lockup

Description: Don’t accept any new connection for certain time (Lockup duration (minute))

Type: number

Range: 1-127

over-limit-logging

Description: Log a message

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

over-limit-reset

Description: Reset the connection when it exceeds limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

overlap

Description: Use overlap mode for geo-location to do longest match

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sampling-enable

Description: sampling-enable is a JSON List . Please see below for l211_sampling-enable

Type: List

share

Description: Share counters between virtual ports and virtual servers

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

timeout

Description: Define timeout value of PBSLB dynamic entry (Timeout value (minute, default is 5))

Type: number

Range: 1-127

Default: 5

use-destination-ip

Description: Use destination IP to match the policy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

policy-list.forward-policy

Specification
Type object

action-list

Description: action-list is a JSON List . Please see below for l211_action-list

Type: List

Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/action/{name}

filtering

Description: filtering is a JSON List . Please see below for l211_filtering

Type: List

no-client-conn-reuse

Description: Inspects only first request of a connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

source-list

Description: source-list is a JSON List . Please see below for l211_source-list

Type: List

Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}

uuid

Description: uuid of the object

Type: string

policy-list.forward-policy.action-list

Specification
Type list
Block object keys

action1

Description: ‘forward-to-internet’: Forward request to Internet; ‘forward-to-service-group’: Forward request to service group; ‘drop’: Drop request;

Type: string

Supported Values: forward-to-internet, forward-to-service-group, drop

drop-message

Description: drop-message sent to the client as webpage(html tags are included and quotation marks are required for white spaces)

Type: string

Format: string-rlx

Mutual Exclusion: drop-message and drop-redirect-url are mutually exclusive

drop-redirect-url

Description: Specify URL to which client request is redirected upon being dropped

Type: string

Format: string-rlx

Mutual Exclusion: drop-redirect-url and drop-message are mutually exclusive

fake-sg

Description: service group to forward the packets to Internet

Type: string

fall-back

Description: Fallback service group for Internet

Type: string

fall-back-snat

Description: Source NAT pool or pool group for fallback server

Type: string

forward-snat

Description: Source NAT pool or pool group

Type: string

http-status-code

Description: ‘301’: Moved permanently; ‘302’: Found;

Type: string

Supported Values: 301, 302

Default: 302

log

Description: enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: Action policy name

Type: string

proxy-chaining

Description: Enable proxy chaining feature

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

real-sg

Description: service group to forward the packets

Type: string

sampling-enable

Description: sampling-enable is a JSON List . Please see below for l211_sampling-enable

Type: List

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

policy-list.forward-policy.action-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘hits’: Number of requests matching this destination rule;

Type: string

Supported Values: all, hits

policy-list.forward-policy.filtering

Specification
Type list
Block object keys

ssli-url-filtering

Description: ‘bypassed-sni-disable’: Disable SNI filtering for bypassed URL’s(enabled by default); ‘intercepted-sni-enable’: Enable SNI filtering for intercepted URL’s(disabled by default); ‘intercepted-http-disable’: Disable HTTP(host/URL) filtering for intercepted URL’s(enabled by default); ‘no-sni-allow’: Allow connection if SNI filtering is enabled and SNI header is not present(Drop by default);

Type: string

Supported Values: bypassed-sni-disable, intercepted-sni-enable, intercepted-http-disable, no-sni-allow

policy-list.forward-policy.source-list

Specification
Type list
Block object keys

class-list-next

Description: Class List Name

Type: string

Reference Object: /axapi/v3/class-list

destination

Description: destination is a JSON Block . Please see below for l211_destination

Type: Object

Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination

match-any

Description: Match any source

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: match-any and match-class-list are mutually exclusive

match-class-list

Description: Class List Name

Type: string

Mutual Exclusion: match-class-list and match-any are mutually exclusive

Reference Object: /axapi/v3/class-list

name

Description: source destination match rule name

Type: string

operation

Description: ‘or’: Logical OR on source class list;

Type: string

Supported Values: or

sampling-enable

Description: sampling-enable is a JSON List . Please see below for l211_sampling-enable

Type: List

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

policy-list.forward-policy.source-list.destination

Specification
Type object

any

Description: any is a JSON Block . Please see below for l211_any

Type: Object

Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/any

class-list-list

Description: class-list-list is a JSON List . Please see below for l211_class-list-list

Type: List

Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/class-list/{dest-class-list}

web-category-list-list

Description: web-category-list-list is a JSON List . Please see below for l211_web-category-list-list

Type: List

Reference Object: /axapi/v3/slb/template/policy/{name}/forward-policy/source/{name}/destination/web-category-list/{web-category-list}

policy-list.forward-policy.source-list.destination.class-list-list

Specification
Type list
Block object keys

action

Description: Action to be performed

Type: string

dest-class-list

Description: Destination Class List Name

Type: string

Reference Object: /axapi/v3/class-list

priority

Description: Priority value of the action(higher the number higher the priority)

Type: number

Range: 1-1024

sampling-enable

Description: sampling-enable is a JSON List . Please see below for l211_sampling-enable

Type: List

type

Description: ‘host’: Match hostname; ‘url’: match URL;

Type: string

Supported Values: host, url

uuid

Description: uuid of the object

Type: string

policy-list.forward-policy.source-list.destination.class-list-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘hits’: Number of requests matching this destination rule;

Type: string

Supported Values: all, hits

policy-list.forward-policy.source-list.destination.web-category-list-list

Specification
Type list
Block object keys

action

Description: Action to be performed

Type: string

priority

Description: Priority value of the action(higher the number higher the priority)

Type: number

Range: 1-1024

sampling-enable

Description: sampling-enable is a JSON List . Please see below for l211_sampling-enable

Type: List

type

Description: ‘host’: Match hostname; ‘url’: match URL;

Type: string

Supported Values: host, url

uuid

Description: uuid of the object

Type: string

web-category-list

Description: Destination Class List Name

Type: string

Format: string-rlx

Reference Object: /axapi/v3/web-category/category-list

policy-list.forward-policy.source-list.destination.web-category-list-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘hits’: Number of requests matching this destination rule;

Type: string

Supported Values: all, hits

policy-list.forward-policy.source-list.destination.any

Specification
Type object

action

Description: Action to be performed

Type: string

sampling-enable

Description: sampling-enable is a JSON List . Please see below for l211_sampling-enable

Type: List

uuid

Description: uuid of the object

Type: string

policy-list.forward-policy.source-list.destination.any.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘hits’: Number of requests matching this destination rule;

Type: string

Supported Values: all, hits

policy-list.forward-policy.source-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘hits’: Number of requests matching this source rule; ‘destination-match-not-found’: Number of requests without matching destination rule; ‘no-host-info’: Failed to parse ip or host information from request;

Type: string

Supported Values: all, hits, destination-match-not-found, no-host-info

policy-list.class-list

Specification
Type object

client-ip-l3-dest

Description: Use destination IP as client IP address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: client-ip-l3-dest and client-ip-l7-header are mutually exclusive

client-ip-l7-header

Description: Use extract client IP address from L7 header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: client-ip-l7-header and client-ip-l3-dest are mutually exclusive

header-name

Description: Specify L7 header name

Type: string

lid-list

Description: lid-list is a JSON List . Please see below for l211_lid-list

Type: List

Reference Object: /axapi/v3/slb/template/policy/{name}/class-list/lid/{lidnum}

name

Description: Class list name or geo-location-class-list name

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

policy-list.class-list.lid-list

Specification
Type list
Block object keys

action-value

Description: ‘forward’: Forward the traffic even it exceeds limit; ‘reset’: Reset the connection when it exceeds limit;

Type: string

Supported Values: forward, reset

bw-per

Description: Per (Specify interval in number of 100ms)

Type: number

Range: 1-65535

bw-rate-limit

Description: Specify bandwidth rate limit (Bandwidth rate limit in bytes)

Type: number

Range: 1-2147483647

conn-limit

Description: Connection limit

Type: number

Range: 0-1048575

conn-per

Description: Per (Specify interval in number of 100ms)

Type: number

Range: 1-65535

conn-rate-limit

Description: Specify connection rate limit

Type: number

Range: 1-2147483647

dns64

Description: dns64 is a JSON Block . Please see below for l211_dns64

Type: Object

interval

Description: Specify log interval in minutes, by default system will log every over limit instance

Type: number

Range: 1-255

lidnum

Description: Specify a limit ID

Type: number

Range: 1-31

lockout

Description: Don’t accept any new connection for certain time (Lockout duration in minutes)

Type: number

Range: 1-1023

log

Description: Log a message

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

over-limit-action

Description: Set action when exceeds limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

request-limit

Description: Request limit (Specify request limit)

Type: number

Range: 1-1048575

request-per

Description: Per (Specify interval in number of 100ms)

Type: number

Range: 1-65535

request-rate-limit

Description: Request rate limit (Specify request rate limit)

Type: number

Range: 1-4294967295

response-code-rate-limit

Description: response-code-rate-limit is a JSON List . Please see below for l211_response-code-rate-limit

Type: List

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

policy-list.class-list.lid-list.dns64

Specification
Type object

disable

Description: Disable

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exclusive-answer

Description: Exclusive Answer in DNS Response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

prefix

Description: IPv6 prefix

Type: string

Format: ipv6-address-plen

policy-list.class-list.lid-list.response-code-rate-limit

Specification
Type list
Block object keys

code-range-end

Description: server response code range end

Type: number

Range: 100-600

code-range-start

Description: server response code range start

Type: number

Range: 100-600

period

Description: seconds

Type: number

Range: 1-127

threshold

Description: the times of getting the response code

Type: number

Range: 1-15

policy-list.bw-list-id

Specification
Type list
Block object keys

action-interval

Description: Specify logging interval in minute (default is 3)

Type: number

Range: 0-60

Default: 3

bw-list-action

Description: ‘drop’: drop the packet; ‘reset’: Send reset back;

Type: string

Supported Values: drop, reset

Mutual Exclusion: bw-list-action and service-group are mutually exclusive

fail

Description: Only log unsuccessful connections

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

id

Description: Specify id that maps to service group (The id number)

Type: number

Range: 0-31

logging-drp-rst

Description: Configure PBSLB logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

pbslb-interval

Description: Specify logging interval in minutes

Type: number

Range: 0-60

Default: 3

pbslb-logging

Description: Configure PBSLB logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

service-group

Description: Specify a service group (Specify the service group name)

Type: string

Format: string-rlx

Mutual Exclusion: service-group and bw-list-action are mutually exclusive

Reference Object: /axapi/v3/slb/service-group

policy-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘fwd-policy-dns-unresolved’: Forward-policy unresolved DNS queries; ‘fwd-policy-dns-outstanding’: Forward-policy current DNS outstanding requests; ‘fwd-policy-snat-fail’: Forward-policy source-nat translation failure; ‘fwd-policy-hits’: Number of forward-policy requests for this policy template; ‘fwd-policy-forward-to-internet’: Number of forward-policy requests forwarded to internet; ‘fwd-policy-forward-to-service-group’: Number of forward-policy requests forwarded to service group; ‘fwd-policy-policy-drop’: Number of forward-policy requests dropped; ‘fwd-policy-source-match-not-found’: Forward-policy requests without matching source rule; ‘exp_client_hello_not_found’: Expected Client HELLO requests not found;

Type: string

Supported Values: all, fwd-policy-dns-unresolved, fwd-policy-dns-outstanding, fwd-policy-snat-fail, fwd-policy-hits, fwd-policy-forward-to-internet, fwd-policy-forward-to-service-group, fwd-policy-policy-drop, fwd-policy-source-match-not-found, exp_client_hello_not_found

server-list

Specification
Type list
Block object keys

add

Description: Slow start connection limit add by a number every interval (Add by this number every interval)

Type: number

Range: 1-4095

Mutual Exclusion: add and times are mutually exclusive

conn-limit

Description: Connection limit

Type: number

Range: 1-8000000

Default: 8000000

conn-limit-no-logging

Description: Do not log connection over limit event

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-rate-limit

Description: Connection rate limit

Type: number

Range: 1-1048575

conn-rate-limit-no-logging

Description: Do not log connection over limit event

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-query-interval

Description: The interval to query DNS server for the hostname (DNS query interval (in minute, default is 10))

Type: number

Range: 1-1440

Default: 10

dynamic-server-prefix

Description: Prefix of dynamic server (Prefix of dynamic server (default is “DRS”))

Type: string

Default: DRS

every

Description: Slow start connection limit increment interval (default 10)

Type: number

Range: 1-60

Default: 10

extended-stats

Description: Enable extended statistics on real server

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

health-check

Description: Health Check Monitor (Health monitor name)

Type: string

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

Reference Object: /axapi/v3/health/monitor

health-check-disable

Description: Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

initial-slow-start

Description: Initial slow start connection limit (default 128)

Type: number

Range: 1-4095

Default: 128

log-selection-failure

Description: Enable real-time logging for server selection failure event

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-server

Description: Maximum dynamic server number (Maximum dynamic server number (default is 255))

Type: number

Range: 1-1023

Default: 255

min-ttl-ratio

Description: Minimum TTL to DNS query interval ratio (Minimum TTL ratio (default is 2))

Type: number

Range: 1-15

Default: 2

name

Description: Server template name

Type: string

Format: string-rlx

Default: default

rate-interval

Description: ‘100ms’: Use 100 ms as sampling interval; ‘second’: Use 1 second as sampling interval;

Type: string

Supported Values: 100ms, second

Default: second

resume

Description: Resume accepting new connection after connection number drops below threshold (Connection resume threshold)

Type: number

Range: 1-1048575

slow-start

Description: Slowly ramp up the connection number after server is up

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

spoofing-cache

Description: Servers under the template are spoofing cache

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

stats-data-action

Description: ‘stats-data-enable’: Enable statistical data collection for real server; ‘stats-data-disable’: Disable statistical data collection for real server;

Type: string

Supported Values: stats-data-enable, stats-data-disable

Default: stats-data-enable

till

Description: Slow start ends when slow start connection limit reaches a number (default 4096) (Slow start ends when connection limit reaches this number)

Type: number

Range: 1-65535

Default: 4096

times

Description: Slow start connection limit multiply by a number every interval (default 2) (Multiply by this number every interval)

Type: number

Range: 2-10

Default: 2

Mutual Exclusion: times and add are mutually exclusive

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

weight

Description: Weight for the Real Servers (Connection Weight)

Type: number

Range: 1-100

monitor-list

Specification
Type list
Block object keys

clear-cfg

Description: clear-cfg is a JSON List . Please see below for l211_clear-cfg

Type: List

id

Description: Monitor template ID Number

Type: number

Range: 1-16

link-disable-cfg

Description: link-disable-cfg is a JSON List . Please see below for l211_link-disable-cfg

Type: List

link-down-cfg

Description: link-down-cfg is a JSON List . Please see below for l211_link-down-cfg

Type: List

link-enable-cfg

Description: link-enable-cfg is a JSON List . Please see below for l211_link-enable-cfg

Type: List

link-up-cfg

Description: link-up-cfg is a JSON List . Please see below for l211_link-up-cfg

Type: List

monitor-relation

Description: ‘monitor-and’: Configures the monitors in current template to work with AND logic; ‘monitor-or’: Configures the monitors in current template to work with OR logic;

Type: string

Supported Values: monitor-and, monitor-or

Default: monitor-and

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

monitor-list.clear-cfg

Specification
Type list
Block object keys

clear-all-sequence

Description: Sequence number (Specify the port physical port number)

Type: number

Range: 1-16

clear-sequence

Description: Specify the port physical port number

Type: number

Range: 1-16

sessions

Description: ‘all’: Clear all sessions; ‘sequence’: Sequence number;

Type: string

Supported Values: all, sequence

tcp-proxy-list

Specification
Type list
Block object keys

ack-aggressiveness

Description: ‘low’: Delayed ACK; ‘medium’: Delayed ACK, with ACK on each packet with PUSH flag; ‘high’: ACK on each packet;

Type: string

Supported Values: low, medium, high

Default: low

alive-if-active

Description: keep connection alive if active traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

backend-wscale

Description: The TCP window scale used for the server side, default is off (number)

Type: number

Range: 1-14

dynamic-buffer-allocation

Description: Optimally adjust the transmit and receive buffer sizes of TCP proxy while keeping their sum constant

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fin-timeout

Description: FIN timeout (sec), default is 5 (number)

Type: number

Range: 1-60

Default: 5

force-delete-timeout

Description: The maximum time that a session can stay in the system before being deleted, default is off (number (second))

Type: number

Range: 1-31

Mutual Exclusion: force-delete-timeout and force-delete-timeout-100ms are mutually exclusive

force-delete-timeout-100ms

Description: The maximum time that a session can stay in the system before being deleted, default is off (number in 100ms)

Type: number

Range: 1-31

Mutual Exclusion: force-delete-timeout-100ms and force-delete-timeout are mutually exclusive

half-close-idle-timeout

Description: TCP Half Close Idle Timeout (sec), default is off (number)

Type: number

Range: 60-120

half-open-idle-timeout

Description: TCP Half Open Idle Timeout (sec), default is off (number)

Type: number

Range: 1-60

idle-timeout

Description: Idle Timeout (sec), default is 600 (number)

Type: number

Range: 1-2097151

Default: 600

init-cwnd

Description: The initial congestion control window size (packets), default is 10 (number)

Type: number

Range: 1-15

Default: 10

initial-window-size

Description: Set the initial window size, default is off (number)

Type: number

Range: 1-65535

insert-client-ip

Description: Insert client ip into TCP option

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

keepalive-interval

Description: Interval between keepalive probes (sec), default is off (number)

Type: number

Range: 60-12000

keepalive-probes

Description: Number of keepalive probes sent, default is off

Type: number

Range: 2-10

mss

Description: Responding MSS to use if client MSS is large, default is off (number)

Type: number

Range: 128-1460

Default: 1460

nagle

Description: Enable Nagle Algorithm

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: TCP Proxy Template Name

Type: string

Format: string-rlx

Default: default

qos

Description: QOS level (number)

Type: number

Range: 1-63

receive-buffer

Description: TCP Receive Buffer (default 50k) (number)

Type: number

Range: 1-2147483647

Default: 51200

reno

Description: Enable Reno Congestion Control Algorithm

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reset-fwd

Description: send reset to server if error happens

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reset-rev

Description: send reset to client if error happens

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

retransmit-retries

Description: Number of Retries for Retransmit, default is 3

Type: number

Range: 1-20

Default: 3

server-down-action

Description: ‘FIN’: FIN Connection; ‘RST’: Reset Connection;

Type: string

Supported Values: FIN, RST

syn-retries

Description: SYN Retry Numbers, default is 5

Type: number

Range: 1-20

Default: 5

timewait

Description: Timewait Threshold (sec), default 5 (number)

Type: number

Range: 1-60

Default: 5

transmit-buffer

Description: TCP Transmit Buffer (default 50k) (number)

Type: number

Range: 1-2147483647

Default: 51200

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

ftp-list

Specification
Type list
Block object keys

active-mode-port

Description: Non-Standard FTP Active mode port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

active-mode-port-val

Description: Non-Standard FTP Active mode port

Type: number

Range: 1-65534

Mutual Exclusion: active-mode-port-val and any are mutually exclusive

any

Description: Allow any FTP Active mode port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: any and active-mode-port-val are mutually exclusive

name

Description: FTP template name

Type: string

Format: string-rlx

to

Description: End range of FTP Active mode port

Type: number

Range: 1-65534

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

imap-pop3-list

Specification
Type list
Block object keys

logindisabled

Description: Disable Login before STARTTLS.Works only for imap

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description: IMAP-POP3 Template Name

Type: string

Format: string-rlx

starttls

Description: ‘disabled’: Disable STARTTLS; ‘optional’: STARTTLS is optional requirement; ‘enforced’: Must issue STARTTLS command before imap transaction;

Type: string

Supported Values: disabled, optional, enforced

Default: disabled

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

server-ssl-list

Specification
Type list
Block object keys

alert-type

Description: ‘fatal’: Log fatal alerts;

Type: string

Supported Values: fatal

ca-certs

Description: ca-certs is a JSON List . Please see below for l211_ca-certs

Type: List

cert

Description: Specify Client certificate (Certificate Name)

Type: string

cipher-template

Description: Cipher Template (Cipher Config Name)

Type: string

Mutual Exclusion: cipher-template and cipher-wo-prio are mutually exclusive

Reference Object: /axapi/v3/slb/template/cipher

cipher-without-prio-list

Description: cipher-without-prio-list is a JSON List . Please see below for l211_cipher-without-prio-list

Type: List

close-notify

Description: Send close notification when terminate connection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

crl-certs

Description: crl-certs is a JSON List . Please see below for l211_crl-certs

Type: List

dgversion

Description: Lower TLS/SSL version can be downgraded

Type: number

Range: 30-33

dh-type

Description: ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048; ‘512’: 512;

Type: string

Supported Values: 1024, 1024-dsa, 2048, 512

ec-list

Description: ec-list is a JSON List . Please see below for l211_ec-list

Type: List

enable-tls-alert-logging

Description: Enable TLS alert logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

forward-proxy-enable

Description: Enable SSL forward proxy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key

Description: Client private-key (Key Name)

Type: string

name

Description: Server SSL Template Name

Type: string

Format: string-rlx

ocsp-stapling

Description: Enable ocsp-stapling support

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

passphrase

Description: Password Phrase

Type: string

Format: password

server-certificate-error

Description: server-certificate-error is a JSON List . Please see below for l211_server-certificate-error

Type: List

session-cache-size

Description: Session Cache Size (Specify 0 to disable Session ID reuse.)

Type: number

Range: 0-128

session-cache-timeout

Description: Session Cache Timeout (Timeout value, in seconds)

Type: number

Range: 1-7200

session-ticket-enable

Description: Enable server side session ticket support

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

use-client-sni

Description: use client SNI

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

version

Description: TLS/SSL version, default is TLS1.0 (TLS/SSL version: 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1 and 33-TLSv1.2)

Type: number

Range: 30-33

server-ssl-list.crl-certs

Specification
Type list
Block object keys

crl

Description: Certificate Revocation Lists (Certificate Revocation Lists file name)

Type: string

server-ssl-list.ec-list

Specification
Type list
Block object keys

ec

Description: ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;

Type: string

Supported Values: secp256r1, secp384r1

server-ssl-list.server-certificate-error

Specification
Type list
Block object keys

error-type

Description: ‘email’: Notify the error via email; ‘ignore’: Ignore the error, which mean the connection can continue; ‘logging’: Log the error; ‘trap’: Notify the error by SNMP trap;

Type: string

Supported Values: email, ignore, logging, trap

server-ssl-list.ca-certs

Specification
Type list
Block object keys

ca-cert

Description: Specify CA certificate

Type: string

server-ocsp-sg

Description: Specify service-group (Service group name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/aam/authentication/service-group

server-ocsp-srvr

Description: Specify authentication server

Type: string

Format: string-rlx

Reference Object: /axapi/v3/aam/authentication/server/ocsp

server-ssl-list.cipher-without-prio-list

Specification
Type list
Block object keys

cipher-wo-prio

Description: ‘SSL3_RSA_DES_192_CBC3_SHA’: SSL3_RSA_DES_192_CBC3_SHA; ‘SSL3_RSA_DES_40_CBC_SHA’: SSL3_RSA_DES_40_CBC_SHA; ‘SSL3_RSA_DES_64_CBC_SHA’: SSL3_RSA_DES_64_CBC_SHA; ‘SSL3_RSA_RC4_128_MD5’: SSL3_RSA_RC4_128_MD5; ‘SSL3_RSA_RC4_128_SHA’: SSL3_RSA_RC4_128_SHA; ‘SSL3_RSA_RC4_40_MD5’: SSL3_RSA_RC4_40_MD5; ‘TLS1_RSA_AES_128_SHA’: TLS1_RSA_AES_128_SHA; ‘TLS1_RSA_AES_256_SHA’: TLS1_RSA_AES_256_SHA; ‘TLS1_RSA_EXPORT1024_RC4_56_MD5’: TLS1_RSA_EXPORT1024_RC4_56_MD5; ‘TLS1_RSA_EXPORT1024_RC4_56_SHA’: TLS1_RSA_EXPORT1024_RC4_56_SHA; ‘TLS1_RSA_AES_128_SHA256’: TLS1_RSA_AES_128_SHA256; ‘TLS1_RSA_AES_256_SHA256’: TLS1_RSA_AES_256_SHA256; ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS1_DHE_RSA_AES_128_GCM_SHA256; ‘TLS1_DHE_RSA_AES_128_SHA’: TLS1_DHE_RSA_AES_128_SHA; ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS1_DHE_RSA_AES_128_SHA256; ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS1_DHE_RSA_AES_256_GCM_SHA384; ‘TLS1_DHE_RSA_AES_256_SHA’: TLS1_DHE_RSA_AES_256_SHA; ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS1_DHE_RSA_AES_256_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS1_ECDHE_ECDSA_AES_128_SHA; ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS1_ECDHE_ECDSA_AES_128_SHA256; ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS1_ECDHE_ECDSA_AES_256_SHA; ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS1_ECDHE_RSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS1_ECDHE_RSA_AES_128_SHA; ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS1_ECDHE_RSA_AES_128_SHA256; ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS1_ECDHE_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS1_ECDHE_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS1_RSA_AES_128_GCM_SHA256; ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS1_RSA_AES_256_GCM_SHA384;

Type: string

Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_DES_40_CBC_SHA, SSL3_RSA_DES_64_CBC_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, SSL3_RSA_RC4_40_MD5, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_EXPORT1024_RC4_56_MD5, TLS1_RSA_EXPORT1024_RC4_56_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384

Mutual Exclusion: cipher-wo-prio and cipher-template are mutually exclusive