def conf_ssl_proxy_cert_identifier(device=None, *args, **kwargs):
"""
SSL Services profile certificate identifier configuration
Example :-
conf_ssl_proxy_cert_identifier(device_handle=device_handle,
sslprofile="sslprofile", certidentifier="ssl-inspect-ca")
conf_ssl_proxy_cert_identifier(device_handle=device_handle, mode="delete",
sslprofile="sslprofile", certidentifier="ssl-inspect-ca")
Robot example :-
conf ssl proxy cert identifier device=$(device) sslprofile=sslprofile
certidentifier="ssl-inspect-ca"
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslprofile:
**REQUIRED** ssl proxy profile name
:param str sslplugin:
**REQUIRED** ssl plugin type selection
``Supported values``: proxy, initiation or termination
:param str certidentifier:
**REQUIRED** Certificate identifier a mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_cert_identifier(*args, **kwargs)
def conf_ssl_cache_timeout(device=None, *args, **kwargs):
"""
SSL session cache timeout configuration
Example :-
configure_ssl_cache_timeout( device=device, sslprofile = "sslprofile",
timeout="300")
configure_ssl_cache_timeout(device=device, mode="delete",
sslprofile = "sslprofile", timeout="300")
Robot example :-
configure ssl cache timeout device=$(device) sslprofile=sslprofile
timeout=300
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslprofile:
**REQUIRED** ssl proxy profile name mandatory option to be passed
:param str timeout:
**REQUIRED** cache timeout for ssl session
``Supported values``: 300 to 3600 seconds
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_cache_timeout(*args, **kwargs)
def conf_disable_ssl_proxy_resump(device=None, *args, **kwargs):
"""
SSL session resumption configuration
Example :-
conf_disable_ssl_proxy_resump(device=device, sslprofile="sslprofile")
conf_disable_ssl_proxy_resump(device=device, mode="delete",
sslprofile="sslprofile")
Robot example :-
conf disable ssl proxy resump device=$(device) sslprofile=sslprofile
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslprofile:
*REQUIRED* ssl proxy profile name mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_disable_ssl_proxy_resump(*args, **kwargs)
def conf_ssl_proxy_whitelist(device=None, *args, **kwargs):
"""
Whitelist configuration with global address book
Example :-
conf_ssl_proxy_whitelist(device=device, whitelist="DNS-server DNS-server2",
sslprofile="sslprofile")
conf_ssl_proxy_whitelist(device=device, mode="delete",
whitelist="DNS-server DNS-server2", sslprofile = "sslprofile")
conf_ssl_proxy_whitelist(device=device, mode="delete", sslprofile="sslprofile")
Robot example :-
conf ssl proxy whitelist device=$(device) whitelist=DNS-server DNS-server2
sslprofile=sslprofile
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str whitelist:
*REQUIRED* Configure whitelist with global address book
: param str sslprofile:
* REQUIRED * ssl proxy profile name mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_proxy_whitelist(*args, **kwargs)
def conf_sslsp_server_cert_list(device=None, *args, **kwargs):
"""
SSL Server protection Server certification list configuration
Example :-
conf_sslsp_server_cert_list(device=device, sslprofile="sslprofile",
servercert="ssl-inspect-ca")
conf_sslsp_server_cert_list(device=device, mode="delete", sslprofile="sslprofile",
servercert="ssl-inspect-ca")
conf_sslsp_server_cert_list(device=device, mode="delete", sslprofile="sslprofile")
Robot example :-
conf sslsp server cert list device=$(device) sslprofile=sslprofile
servercert=ssl-inspect-ca
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslprofile:
*REQUIRED* ssl proxy profile name mandatory option to be passed
:param servercert:
*REQUIRED* Server certification list profile a mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_sslsp_server_cert_list(*args, **kwargs)
def conf_ssl_proxy_ignore_serv_auth(device=None, *args, **kwargs):
"""
SSL server certificate authentification failure ignore configuration
Example :-
conf_ssl_proxy_ignore_serv_auth( device=device, sslprofile="sslprofile")
conf_ssl_proxy_ignore_serv_auth(device=device, mode="delete",
sslprofile="sslprofile")
Robot example :-
conf ssl proxy ignore serv auth device=$(device)
sslprofile=sslprofile
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslplugin:
*OPTIONAL* SSL plugin type selection
``Supported values``: proxy, initiation or termination
``Default value`` : proxy
:param str sslprofile:
**REQUIRED** ssl proxy profile name mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_ignore_serv_auth(*args, **kwargs)
def conf_ssl_init_enable_sess_cache(device=None, *args, **kwargs):
"""
SSL TLS initiation and termination plugin session cache enabling configuration
Example :-
conf_ssl_init_enable_sess_cache(device=device, sslprofile="sslinit")
conf_ssl_init_enable_sess_cache(device=device, mode="delete", sslprofile="sslinit")
Robot example :-
conf ssl init enable sess cache device=$(device) mode="delete" sslprofile="sslinit"
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslplugin:
*REQUIRED* SSL plugin type selection
``Supported values``: initiation or termination
``Default value`` : initiation
:param str sslprofile:
*REQUIRED* ssl proxy profile name mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
"""
return SslServices(device).conf_ssl_enable_sess_cache(*args, **kwargs)
def conf_ssl_proxy_whitelist_url(device=None, *args, **kwargs):
"""
Whitelist configuration with global address book
Example :-
conf_ssl_proxy_whitelist(device=device,
whitelist="Enhanced_Financial_Data_and_Services", sslprofile = "sslprofile")
conf_ssl_proxy_whitelist(device=device, mode="delete",
whitelist="Enhanced_Financial_Data_and_Services", sslprofile = "sslprofile")
conf_ssl_proxy_whitelist(device=device, whitelist="Enhanced_Social_Web_Facebook",
sslprofile = "sslprofile")
conf_ssl_proxy_whitelist(device=device, mode="delete", sslprofile = "sslprofile")
Robot example :-
conf sslfp whitelist device=$(device) mode="delete"
sslprofile = "sslprofile"
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param whitelist:
*REQUIRED* Configure whitelist with global address book. Not mandatory when user wants\
delete complete whitelist configuration from profile
: param sslprofile:
* REQUIRED * ssl proxy profile name mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_proxy_whitelist_url(*args, **kwargs)
def conf_ssl_init_protocol_version(device=None, *args, **kwargs):
"""
SSL TLS version configuration
Example :-
conf_ssl_init_protocol_version(device=device, sslprofile="sslinit", tls_version="tls11")
conf_ssl_init_protocol_version(device=device, mode="delete", sslprofile="sslinit",\
tls_version="tls11")
Robot example :-
conf ssl init protocol version device=$(device) sslprofile=sslinit \
tls_version=tls11
:param str device:
**REQUIRED** Handle of the device
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslplugin:
*OPTIONAL* SSL plugin type selection
``Supported values``: proxy, initiation or termination
``Default value`` : initiation
:param str sslprofile:
*REQUIRED* ssl proxy profile name mandatory option to be passed
:param str tls_version:
*REQUIRED* TLS version for ssl initiation profile "all", "tls11", "tls12" & "tls1"
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
"""
return SslServices(device).conf_ssl_protocol_version(sslplugin="initiation", *args, **kwargs)
def conf_ssl_proxy_renegotiation(device=None, *args, **kwargs):
"""
SSL session renegotiation configuration
Example :-
conf_ssl_proxy_renegotiation(device=device, sslprofile="sslprofile",
renegotiation="allow-secure")
conf_ssl_proxy_renegotiation(device=device, mode="delete", sslprofile="sslprofile",
renegotiation="allow")
Robot example :-
conf ssl proxy renegotiation device=$(device) sslprofile=sslprofile
renegotiation=allow-secure
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslprofile:
*REQUIRED* ssl proxy profile name mandatory option to be passed
:param renegotiation:
*REQUIRED* renegotiation configuration options "allow", "allow-secure" or "drop"
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_proxy_renegotiation(*args, **kwargs)
def conf_ssl_proxy_flow_trace(device=None, *args, **kwargs):
"""
Flow trace configuration in global ssl service level
Example :-
conf_ssl_proxy_flow_trace(device=device, sslprofile ="sslprofile")
conf_ssl_proxy_flow_trace(device=device, mode="delete", sslprofile ="sslprofile")
Robot example :-
conf ssl proxy flow trace device=$(device) sslprofile=sslprofile
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslplugin:
*OPTIONAL* SSL plugin type selection
``Supported values``: proxy, initiation or termination
``Default value`` : proxy
:param str sslprofile:
* REQUIRED * ssl proxy profile name mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_flow_trace(*args, **kwargs)
def conf_ssl_termination(device=None, *args, **kwargs):
"""
Configuring SSL proxy in either client or server protection mode
Example :-
conf_ssl_termination(device=device,
sslprofile='sslterm',
certidentifier='ssl-inspect-ca',
enable_flow_trace="TrUe",
ciphersuite='rsa-with-rc4-128-md5 rsa-with-rc4-128-shA',
tls_version='all',
enable_session_cache='true'
)
conf_ssl_termination(mode='delete', sslprofile='sslterm')
Robot example :-
conf ssl termination sslprofile='sslterm' mode='delete'
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param sslprofile:
* REQUIRED * ssl proxy profile name
:param str certidentifier:
**REQUIRED** Certificate identifier a mandatory option to be passed
:param str enable_flow_trace:
*OPTIONAL* Enable flow trace for the ssl profile
``Supported values``: True
:param str ciphersuite:
*OPTIONAL* cipher suite
``Supported values``:
Values for preferred cipher suite
medium Use ciphers with key strength of 128-bits or greater
strong Use ciphers with key strength of 168-bits or greater
weak Use ciphers with key strength of 40-bits or greater
Values for custom cipher suite
rsa-with-rc4-128-md5 RSA, 128bit rc4, md5 hash
rsa-with-rc4-128-sha RSA, 128bit rc4, sha hash
rsa-with-des-cbc-sha RSA, des cbc, sha hash
rsa-with-3des-ede-cbc-sha RSA, 3des ede/cbc, sha hash
rsa-with-aes-128-cbc-sha RSA, 128 bit aes/cbc, sha hash
rsa-with-aes-256-cbc-sha RSA, 256 bit aes/cbc, sha hash
rsa-export-with-rc4-40-md5 RSA-export, 40 bit rc4, md5 hash
rsa-export-with-des40-cbc-sha RSA-export, 40 bit des/cbc, sha
:param str tls_version:
*OPTIONAL* TLS version for ssl profile
``Supported values``: all, tls11, tls12 or tls1
:param str enable_session_cache:
*OPTIONAL* enable session cache
``Supported values``: true
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_termination(*args, **kwargs)
def conf_ssl_trace_options(device=None, *args, **kwargs):
"""
ssl proxy/init/terminate trace options configuration
Example :-
configure_ssl_trace_options(device=device, filename="ssl-userfile",
maxfiles="10", size="100", worldreadable="yes",flag="cli-configuration",
level="extensive", noremotetrace="yes")
configure_ssl_trace_options(device=device, mode="delete",
filename="ssl-userfile", maxfiles="10", size="100", worldreadable="yes",
flag="cli-configuration", level="extensive", noremotetrace="yes")
Robot example :-
configure ssl trace options device=$(device) mode=delete
filename=ssl-userfile maxfiles=10 size=100 worldreadable=yes
flag=cli-configuration level=extensive noremotetrace=yes
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str filename:
*OPTIONAL* Name of the ssl traceoptions file to log traces
``Default value`` : ssl_trace
:param int maxfiles:
*OPTIONAL* Maximum no of trace files to be created on system
``Default value`` : 3
:param int size:
*OPTIONAL* Maximum size of the trace file
``Default value`` : 128000
:param str worldreadable:
*OPTIONAL* world-readable configuration
``Supported values``: true or false
:param str flag:
*OPTIONAL* Configure trace flag options
``Supported values``: all, cli-configuration, initiation, proxy,
selected-profile or termination
:param str level:
*OPTIONAL* Configure trace level options
``Supported values``: brief, detail, extensive or verbose
``Default value`` : brief
:param str noremotetrace:
*OPTIONAL* Disable remote tracing
``Supported values``: yes or no
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_trace_options(*args, **kwargs)
def conf_ssl_proxy_custom_cipher(device=None, *args, **kwargs):
"""
SSL custom cipher suite configurations
Example :-
conf_ssl_proxy_custom_cipher( device=device, sslprofile="sslprofile",
ciphersuite="rsa-with-rc4-128-md5 rsa-with-rc4-128-sha rsa-with-des-cbc-sha
rsa-export-with-rc4-40-md5")
conf_ssl_proxy_custom_cipher(device=device, mode="delete",
sslprofile="sslprofile", ciphersuite="rsa-with-rc4-128-md5 rsa-with-rc4-128-sha")
conf_ssl_proxy_custom_cipher(device=device, mode="delete" ,
sslprofile="sslprofile")
Robot example :-
conf ssl proxy custom cipher device=$(device) sslprofile=sslprofile
ciphersuite=rsa-with-rc4-128-md5 rsa-with-rc4-128-sha rsa-with-des-cbc-sha
rsa-export-with-rc4-40-md5
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str ciphersuite:
**REQUIRED** custom cipher suite to be configured
``Supported values``: rsa-with-rc4-128-md5 RSA, 128bit rc4, md5 hash
rsa-with-rc4-128-sha RSA, 128bit rc4, sha hash
rsa-with-des-cbc-sha RSA, des cbc, sha hash
rsa-with-3des-ede-cbc-sha RSA, 3des ede/cbc, sha hash
rsa-with-aes-128-cbc-sha RSA, 128 bit aes/cbc, sha hash
rsa-with-aes-256-cbc-sha RSA, 256 bit aes/cbc, sha hash
rsa-export-with-rc4-40-md5 RSA-export, 40 bit rc4, md5 hash
rsa-export-with-des40-cbc-sha RSA-export, 40 bit des/cbc, sha
:param str sslplugin:
*OPTIONAL* SSL plugin type selection
``Supported values``: proxy, initiation or termination
``Default value`` : proxy
:param str sslprofile:
**REQUIRED** ssl proxy profile name mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_custom_cipher(*args, **kwargs)
def clear_ssl_statistics(device=None, *args, **kwargs):
"""
Keyword to clear ssl proxy statistics
Example :-
clear_ssl_statistics( device=device)
clear_ssl_statistics( device=device, node="node0")
Robot example :-
clear ssl statistics device=$(device) node="node0"
:param str device:
**REQUIRED** Handle of the device
:param str node:
*OPTIONAL* HA node selection
``Supported values``: node0 or node1
``Default value`` : local
"""
return SslServices(device).clear_ssl_statistics(*args, **kwargs)
def conf_ssl_proxy_crl(device=None, *args, **kwargs):
"""
SSL CRL configuration
Example :-
conf_ssl_proxy_crl( device=device, sslprofile="sslprofile",
crlaction="if-not-present",ifnotpresent="allow")
conf_ssl_proxy_crl( device=device, sslprofile="sslprofile",
crlaction="disable")
conf_ssl_proxy_crl( device=device, sslprofile="sslprofile",
crlaction="ignore-hold-instruction-code")
conf_ssl_proxy_crl(device=device, mode="delete", sslprofile="sslprofile")
Robot example :-
conf ssl proxy crl device=$(device) sslprofile=sslprofile
crlaction=if-not-present ifnotpresent=allow
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslplugin:
*OPTIONAL* SSL plugin type selection
``Supported values``: proxy, initiation or termination
``Default value`` : proxy
:param str sslprofile:
**REQUIRED** ssl proxy profile name mandatory option to be passed
:param str crlaction:
**REQUIRED** crl action configuration options
``Supported values``: disable, if-not-present or ignore-hold-instruction-code
:param str ifnotpresent:
**REQUIRED** if-not-present action should be parsed when crlaction is "if-not-present"
``Supported values``: allow or drop
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_crl(*args, **kwargs)
def conf_ssl_proxy_preferred_cipher(device=None, *args, **kwargs):
"""
SSL preferred cipher suite configurations
Example :-
conf_ssl_proxy_preferred_cipher( device=device, sslprofile="sslprofile",
ciphersuite="strong")
conf_ssl_proxy_preferred_cipher(device=device, mode="delete",
sslprofile="sslprofile")
Robot example :-
conf ssl proxy preferred cipher device=$(device)
sslprofile="sslprofile" ciphersuite="strong"
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str ciphersuite:
**REQUIRED** custom cipher suite to be configured
``Supported values``: custom Configure custom cipher suite and order of preference
medium Use ciphers with key strength of 128-bits or greater
strong Use ciphers with key strength of 168-bits or greater
weak Use ciphers with key strength of 40-bits or greater
:param str sslplugin:
*OPTIONAL* SSL plugin type selection
``Supported values``: proxy, initiation or termination
``Default value`` : proxy
:param str sslprofile:
**REQUIRED** ssl proxy profile name mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_preferred_cipher(*args, **kwargs)
def conf_ssl_proxy_trusted_ca(device=None, *args, **kwargs):
"""
Trusted certificate configuration
Example :-
conf_ssl_proxy_trusted_ca(device=device, trusted_ca_list="all",
sslprofile ="sslprofile")
conf_ssl_proxy_trusted_ca(device=device, mode="delete", trusted_ca_list="all",
sslprofile = "sslprofile")
conf_ssl_proxy_trusted_ca(device=device, trusted_ca_list="all test1 test2 test3",
sslprofile = "sslprofile")
conf_ssl_proxy_trusted_ca(device=device, mode="delete", trusted_ca_list="all test1
test2 test3", sslprofile = "sslprofile")
conf_ssl_proxy_trusted_ca(device=device, mode="delete", sslprofile = "sslprofile")
Robot example :-
conf ssl proxy trusted ca device=$(device) trusted_ca_list=all
sslprofile =sslprofile
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str trusted_ca_list:
*REQUIRED* Configure trusted CAs
:param str sslplugin:
*OPTIONAL* SSL plugin type selection
``Supported values``: proxy, initiation or termination
``Default value`` : proxy
:param str sslprofile:
* REQUIRED * ssl proxy profile name mandatory option to be passed
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_trusted_ca(*args, **kwargs)
def conf_ssl_proxy_logging(device=None, *args, **kwargs):
"""
SSLFP logging configuration
Example: -
conf_ssl_proxy_logging(device=device, sslprofile= "sslprofile",
log="sessions-whitelisted")
conf_ssl_proxy_logging(device=device, mode="delete", sslprofile="sslprofile",
log = "all")
Robot example :-
conf ssl proxy logging device=$(device) sslprofile=sslprofile
log=sessions-whitelisted
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str sslprofile:
* REQUIRED * ssl proxy profile name mandatory option to be passed
:param log:
* REQUIRED * log action configuration options:
``Supported values``: all Log all events
errors Log all error events
info Log all information events
sessions-allowed Log ssl session allow events after an error
sessions-dropped Log only ssl session drop events
sessions-ignored Log session ignore events
sessions-whitelisted Log ssl session whitelist events
warning Log all warning events
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_proxy_logging(*args, **kwargs)
def get_ssl_statistics(device=None, *args, **kwargs):
"""
Keyword to fetch ssl proxy statistics
Example :-
get_ssl_statistics(device=device, )
get_ssl_statistics(device=device, node="node0")
get_ssl_statistics( pic="fpc1 pic1")
Robot example :-
get ssl statistics device=$(device) node="node0"
:param str device:
**REQUIRED** Handle of the device
:param str node:
*OPTIONAL* HA node selection
``Supported values``: node0 or node1
``Default value`` : local
:param str pic:
*OPTIONAL* Pass pic value to fetch details for the respective pic alone
``Supported values``: "fpc1 pic0", "fpc2 pic1" etc as per requirement
:return: Returns the dict object with values of each of the counters from statistics output
:rtype: dict
"""
return SslServices(device).get_ssl_statistics(*args, **kwargs)
def conf_cert_cache_config(device=None, **kwargs):
"""
SSL session cache timeout configuration
Example :-
conf_cert_cache_config( device=device, cmd = "certificate-cache-timeout",
timeout="300")
conf_cert_cache_config(device=device, mode="delete",
cmd = "certificate-cache-timeout", timeout="300")
conf_cert_cache_config( device=device, cmd = "disable-cert-cache")
conf_cert_cache_config(device=device, mode="delete",
cmd = "disable-cert-cache")
Robot example :-
conf cert cache config device=$(device) cmd=certificate-cache-timeout
timeout=300
conf cert cache config device=$(device) cmd=disable-cert-cache
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param str cmd:
**REQUIRED** cmd name mandatory argument to be passed
:param str timeout:
**REQUIRED** cache timeout for cert cache if cmd is certificate-cache-timeout
``Supported values``: 300 to 3600 seconds
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_cert_cache_config(**kwargs)
def conf_ssl_proxy_scale(device=None, *args, **kwargs):
"""
Configuring SSL proxy in either client or server protection mode
Example :-
conf_ssl_proxy_scale(device=device_handle,
sslplugin='forward_proxy',
sslprofile='sslprofile',
certidentifier='ssl-inspect-ca',
whitelist_url="Enhanced_Financial_Data_and_Services
Enhanced_Social_Web_Facebook",
log="all",
renegotiation="allow",
resumption="disable",
enable_flow_trace="true",
trusted_ca_list='all',
ignore_server_auth="true",
ciphersuite='rsa-with-rc4-128-md5 rsa-with-rc4-128-sha',
crlaction='if-not-present',
ifnotpresent='allow',
tls_version='all',
count='250',
commitcount='50'
)
conf_ssl_proxy_scale(device=device_handle, sslprofile='sslprofile', mode='deLeTe')
Robot example :-
conf ssl proxy scale device=${handle} sslprofile='sslprofile' mode='delete'
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param sslprofile:
* REQUIRED * ssl proxy profile name
:param str certidentifier:
**REQUIRED** Certificate identifier a mandatory option to be passed
:param str sslplugin:
**REQUIRED** ssl plugin type selection
``Supported values``: forward_proxy or reverse_proxy
:param str whitelist_url:
*OPTIONAL* Configure whitelist url categories
:param str whitelist:
*OPTIONAL* Configure whitelist with global address book. Not mandatory when user wants
delete complete whitelist configuration from profile
:param str log:
*OPTIONAL* log action configuration options:
``Supported values``: all Log all events
errors Log all error events
info Log all information events
sessions-allowed Log ssl session allow events after error
sessions-dropped Log only ssl session drop events
sessions-ignored Log session ignore events
sessions-whitelisted Log ssl session whitelist events
warning Log all warning events
:param str renegotiation:
*OPTIONAL* renegotiation configuration options
``Supported values``: allow, allow-secure or drop
:param str resumption:
*OPTIONAL* disable resumption
``Supported values``: disable
:param str enable_flow_trace:
*OPTIONAL* Enable flow trace for the ssl profile
``Supported values``: True
:param str trusted_ca_list:
*OPTIONAL* trusted CAs list
:param str ignore_server_auth:
*OPTIONAL* Enabling ignore server certificate authentication
``Supported values``: True
:param str ciphersuite:
*OPTIONAL* cipher suite
``Supported values``:
Values for preferred cipher suite
medium Use ciphers with key strength of 128-bits or greater
strong Use ciphers with key strength of 168-bits or greater
weak Use ciphers with key strength of 40-bits or greater
Values for custom cipher suite
rsa-with-rc4-128-md5 RSA, 128bit rc4, md5 hash
rsa-with-rc4-128-sha RSA, 128bit rc4, sha hash
rsa-with-des-cbc-sha RSA, des cbc, sha hash
rsa-with-3des-ede-cbc-sha RSA, 3des ede/cbc, sha hash
rsa-with-aes-128-cbc-sha RSA, 128 bit aes/cbc, sha hash
rsa-with-aes-256-cbc-sha RSA, 256 bit aes/cbc, sha hash
rsa-export-with-rc4-40-md5 RSA-export, 40 bit rc4, md5 hash
rsa-export-with-des40-cbc-sha RSA-export, 40 bit des/cbc, sha
:param str crlaction:
*OPTIONAL* crl action configuration options
``Supported values``: disable, if-not-present or ignore-hold-instruction-code
:param str ifnotpresent:
*OPTIONAL* if "if-not-present" action is parsed with crlaction then "if-not-present"
argument is REQUIRED
``Supported values``: allow or drop
:param str tls_version:
*OPTIONAL* TLS version for ssl profile
``Supported values``: all, tls11, tls12 or tls1
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
:param str count:
*OPTIONAL* no of profiles to be configured
``Default value`` : 100
:param str commitcount:
*OPTIONAL* iteration limit count to commit
``Default value`` : 25
:return: Returns "True"
:rtype: bool
"""
return SslServices(device).conf_ssl_proxy_scale(*args, **kwargs)
def conf_ssl_init_profile(device=None, *args, **kwargs):
"""
Configuring SSL proxy in either client or server protection mode
Example :-
conf_ssl_init_profile(device=device,
sslprofile='sslinit',
certidentifier='ssl-inspect-ca',
enable_flow_trace="TrUe",
trusted_ca_list='all',
ignore_server_auth="true",
ciphersuite='rsa-with-rc4-128-md5 rsa-with-rc4-128-shA',
crlaction='if-not-present',
ifnotpresent='aLLow',
tls_version='all',
enable_session_cache='true'
)
conf_ssl_init_profile(mode='delete', sslprofile='sslinit')
Robot example :-
conf ssl init profile sslprofile='sslinit' mode='delete'
:param str device:
**REQUIRED** Handle of the device
:param str mode:
*OPTIONAL* Device configuration mode
``Supported values``: set or delete
``Default value`` : set
:param sslprofile:
* REQUIRED * ssl proxy profile name
:param str certidentifier:
**REQUIRED** Certificate identifier a mandatory option to be passed
:param str enable_flow_trace:
*OPTIONAL* Enable flow trace for the ssl profile
``Supported values``: True
:param str trusted_ca_list:
*OPTIONAL* trusted CAs list
:param str ignore_server_auth:
*OPTIONAL* Enabling ignore server certificate authentication
``Supported values``: True
:param str ciphersuite:
*OPTIONAL* cipher suite
``Supported values``:
Values for preferred cipher suite
medium Use ciphers with key strength of 128-bits or greater
strong Use ciphers with key strength of 168-bits or greater
weak Use ciphers with key strength of 40-bits or greater
Values for custom cipher suite
rsa-with-rc4-128-md5 RSA, 128bit rc4, md5 hash
rsa-with-rc4-128-sha RSA, 128bit rc4, sha hash
rsa-with-des-cbc-sha RSA, des cbc, sha hash
rsa-with-3des-ede-cbc-sha RSA, 3des ede/cbc, sha hash
rsa-with-aes-128-cbc-sha RSA, 128 bit aes/cbc, sha hash
rsa-with-aes-256-cbc-sha RSA, 256 bit aes/cbc, sha hash
rsa-export-with-rc4-40-md5 RSA-export, 40 bit rc4, md5 hash
rsa-export-with-des40-cbc-sha RSA-export, 40 bit des/cbc, sha
:param str crlaction:
*OPTIONAL* crl action configuration options
``Supported values``: disable, if-not-present or ignore-hold-instruction-code
:param str ifnotpresent:
*OPTIONAL* if "if-not-present" action is parsed with crlaction then "if-not-present"
argument is REQUIRED
``Supported values``: allow or drop
:param str tls_version:
*OPTIONAL* TLS version for ssl profile
``Supported values``: all, tls11, tls12 or tls1
:param str enable_session_cache:
*OPTIONAL* enable session cache
``Supported values``: true
:param str commit:
*OPTIONAL* commit configuration option
``Supported values``: yes or no
``Default value`` : yes
"""
return SslServices(device).conf_ssl_initiation(*args, **kwargs)
