traffic-proxy

service traffic-proxy <id>
SDE M10-Smart M2 Atlas840 RS420 AresC640
Values:
  • id – Traffic proxy service

Instances:

Multiple

Required:

service traffic-proxy <id> disable-ssl-compression
SDE M10-Smart M2 Atlas840 RS420 AresC640

Disable SSL/TLS compression on all connections

This option is useful when the limiting factor is CPU, not network bandwidth

service traffic-proxy <id> hash-table-size <u32>
SDE M10-Smart M2 Atlas840 RS420 AresC640

Size of hash-table to use for SSL flow tracking

Values:
  • u32 – Number of elements (4096-65536)

service traffic-proxy <id> hash-table-timeout <u32>
SDE M10-Smart M2 Atlas840 RS420 AresC640

Timeout of entries in hash-table

Values:
  • u32 – Timeout in seconds (10-3600)

service traffic-proxy <id> local-vrf <id>
SDE M10-Smart M2 Atlas840 RS420 AresC640

VRF to run traffic proxy on

Reference:

system vrf <id>

service traffic-proxy <id> logging
SDE M10-Smart M2 Atlas840 RS420 AresC640

Enable event logging

service traffic-proxy <id> logging connection
SDE M10-Smart M2 Atlas840 RS420 AresC640

Log information about new connections

service traffic-proxy <id> logging content
SDE M10-Smart M2 Atlas840 RS420 AresC640

Log information about decrypted content

service traffic-proxy <id> logging queue
SDE M10-Smart M2 Atlas840 RS420 AresC640

Show a log in the journal every time a new packet is enqueued

service traffic-proxy <id> mark <u32>
SDE M10-Smart M2 Atlas840 RS420 AresC640

Mark diverted packets

Values:
  • u32 – Integer value from 0 to 2147483647 (0-2147483647)

service traffic-proxy <id> mode <id>
SDE M10-Smart M2 Atlas840 RS420 AresC640

Proxy operating mode

Values:
  • https – Decode HTTP connection, including the removal of HPKP, HSTS, Upgrade and Alternate Protocol response headers

  • pop3s – Decode POP3 connection

  • smtps – Decode SMTP connection

  • ssl – Do not decode SSL connection; decrypted connection content is treated as an opaque stream of bytes

  • http – Decode plain HTTP connection

  • pop3 – Decode plain POP3 connection

  • smtp – Decode plain SMTP connection

  • tcp – Do not decode TCP connection; decrypted connection content is treated as an opaque stream of bytes

  • autossl – Do not decode SSL connection; works as protocol-independent STARTTLS support

service traffic-proxy <id> port <u32>
SDE M10-Smart M2 Atlas840 RS420 AresC640

Local port to use to intercept traffic

Values:
  • u32 – Numeric port (1-65535)

service traffic-proxy <id> queue <txt>
SDE M10-Smart M2 Atlas840 RS420 AresC640

Traffic queue where decrypted/decoded packets will be sent

Reference:

traffic queue <txt>

service traffic-proxy <id> vrf-mark <id>
SDE M10-Smart M2 Atlas840 RS420 AresC640

Mark diverted packets using a VRF

Reference:

system vrf <id>

service traffic-proxy <id> x509
SDE M10-Smart M2 Atlas840 RS420 AresC640

X.509 configuration parameters

Required:

service traffic-proxy <id> x509 ca-cert <file>
SDE M10-Smart M2 Atlas840 RS420 AresC640
Values:
  • file – CA certificate in PEM format to issue certificates forged on-the-fly

service traffic-proxy <id> x509 ca-key <file>
SDE M10-Smart M2 Atlas840 RS420 AresC640
Values:
  • file – CA private key in PEM format to issue certificates forged on-the-fly

service traffic-proxy <id> x509 dhparam <file>
SDE M10-Smart M2 Atlas840 RS420 AresC640
Values:
  • file – Diffie-Hellman parameters in PEM format

service traffic-proxy <id> x509 leaf-crl-url <id>
SDE M10-Smart M2 Atlas840 RS420 AresC640
Values:
  • id – URL to use as CRL distribution point (CRL for all forged certificates)

service traffic-proxy <id> x509 leaf-key-size <u32>
SDE M10-Smart M2 Atlas840 RS420 AresC640
Values:
  • u32 – Key size in bits for the RSA leaf key