traffic-proxy ------------- .. osdx:cfgcmd:: service traffic-proxy .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Traffic proxy service :instances: Multiple :ref Required: :ref Required: :ref Required: .. osdx:cfgcmd:: service traffic-proxy disable-ssl-compression .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Disable SSL/TLS compression on all connections This option is useful when the limiting factor is CPU, not network bandwidth .. osdx:cfgcmd:: service traffic-proxy hash-table-size .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Size of hash-table to use for SSL flow tracking :arg u32: Number of elements (4096-65536) .. osdx:cfgcmd:: service traffic-proxy hash-table-timeout .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Timeout of entries in hash-table :arg u32: Timeout in seconds (10-3600) .. osdx:cfgcmd:: service traffic-proxy local-vrf .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE VRF to run traffic proxy on :ref Reference: system vrf * .. osdx:cfgcmd:: service traffic-proxy logging .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable event logging .. osdx:cfgcmd:: service traffic-proxy logging connection .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Log information about new connections .. osdx:cfgcmd:: service traffic-proxy logging content .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Log information about decrypted content .. osdx:cfgcmd:: service traffic-proxy logging queue .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Show a log in the journal every time a new packet is enqueued .. osdx:cfgcmd:: service traffic-proxy mark .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Mark diverted packets :arg u32: Integer value from 0 to 2147483647 (0-2147483647) .. osdx:cfgcmd:: service traffic-proxy mode .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Proxy operating mode :arg https: Decode HTTP connection, including the removal of HPKP, HSTS, Upgrade and Alternate Protocol :arg pop3s: Decode POP3 connection :arg smtps: Decode SMTP connection :arg ssl: Do not decode SSL connection, decrypted connection content is treated as opaque stream of bytes :arg http: Decode plain HTTP connection :arg pop3: Decode plain POP3 connection :arg smtp: Decode plain STMP connection :arg tcp: Do not decode TCP connection, decrypted connection content is treated as opaque stream of bytes :arg autossl: Do not decode SSL connection, work as protocol-independent STARTTLS support .. osdx:cfgcmd:: service traffic-proxy port .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Local port to use to intercept traffic :arg u32: Numeric port (1-65535) .. osdx:cfgcmd:: service traffic-proxy queue .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Traffic queue where decrypted/decoded packets will be sent :ref Reference: traffic queue * .. osdx:cfgcmd:: service traffic-proxy vrf-mark .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Mark diverted packets using a VRF :ref Reference: system vrf * .. osdx:cfgcmd:: service traffic-proxy x509 .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE X.509 configuration parameters :ref Required: :ref Required: .. osdx:cfgcmd:: service traffic-proxy x509 ca-cert .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg file: CA certificate in PEM format to issue certificates forged on-the-fly .. osdx:cfgcmd:: service traffic-proxy x509 ca-key .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg file: CA private key in PEM format to issue certificates forged on-the-fly .. osdx:cfgcmd:: service traffic-proxy x509 dhparam .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg file: Diffie-Hellman parameters in PEM format .. osdx:cfgcmd:: service traffic-proxy x509 leaf-crl-url .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: URL to use as CRL distribution point CRL for all forged certificates .. osdx:cfgcmd:: service traffic-proxy x509 leaf-key-size .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: Keysize in bits for leaf key RSA