Cluster 'proto'
Flag
Description
software_ssl_only
This flag appears only on systems that are equipped with
Hardware SSL Acceleration. When enabled, it specifies
that all SSL operations will be performed in software,
instead of being performed using the SSL accelerator
hardware. This flag does not appear on systems that are
not equipped with Hardware SSL Acceleration, since on
these units SSL operations are always performed in
software. This flag is disabled by default.
All units with Hardware SSL Acceleration can process the
TLSv1.0, TLSv1.1, and TLSv1.2 protocols in both
hardware and software, except for legacy GX hardware.
On legacy GX hardware, only TLSv1.0 is supported by
Hardware SSL Acceleration; if you want to enable TLSv1.1
or TLSv1.2 on GX hardware, you must first enable this
flag.
Please note that enabling this option will reduce the
processor and memory resources generally available for
processing cluster traffic, since performing SSL
operations in software requires use of the system CPU and
system memory (instead of the dedicated SSL acceleration
hardware CPU and memory).
allow_tls10
This option enables and disables support for the TLSv1.0
protocol. Enabled by default. If multiple TLS versions are
enabled, the first supported TLS version negotiated by a
client will be used.
allow_tls11
This option enables and disables support for the TLSv1.1
protocol. Disabled by default. If multiple TLS versions are
enabled, the first supported TLS version negotiated by a
client will be used.
allow_tls12
This option enables and disables support for the TLSv1.1
protocol. Disabled by default. If multiple TLS versions are
enabled, the first supported TLS version negotiated by a
client will be used.
rewrite_redirects
When enabled, forces Equalizer to pass responses from
an HTTPS cluster’s servers without rewriting them. In the
typical Equalizer setup, you configure servers in an
HTTPS cluster to listen and respond using HTTP; Equal-
izer communicates with the clients using SSL. If a server
sends an HTTP redirect using the Location: header, this
URL most likely will not include the https: protocol. Equal-
izer rewrites responses from the server so that they are
HTTPS. You can direct Equalizer to pass responses from
the server without rewriting them by enabling this option.
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
175
Equalizer Administration Guide
Содержание Equalizer GX Series
Страница 18: ......
Страница 32: ...Overview 32 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Страница 42: ......
Страница 52: ......
Страница 64: ......
Страница 72: ......
Страница 76: ......
Страница 123: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 123 Equalizer Administration Guide ...
Страница 228: ......
Страница 238: ......
Страница 411: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 411 Equalizer Administration Guide ...
Страница 459: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 459 Equalizer Administration Guide ...
Страница 476: ......
Страница 492: ......
Страница 530: ......
Страница 614: ......
Страница 626: ......
Страница 638: ......
Страница 678: ......
Страница 732: ...Using SNMP Traps 732 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Страница 754: ......
Страница 790: ......
Страница 804: ......
Страница 842: ......
Страница 847: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 847 Equalizer Administration Guide ...
Страница 866: ......