global-config (Services)
Syntax
global-config { cache-usage-enforcement-threshold cache-usage-enforcement-threshold; certificate-cache-timeout seconds; disable-cert-cache; disable-deferred-profile-selection; invalidate-cache-on-crl-update; non-ssl-detection-threshold { byte-threshold byte-threshold; packet-threshold packet-threshold; } session-cache-timeout seconds; }
Hierarchy Level
[edit services ssl proxy]
Description
Specify the global proxy configuration. When SSL proxy is configured at a global level (within “services ssl proxy”), it is visible across the system configurations on the device.
Options
cache-usage-enforcement-threshold cache-usage-enforcement-threshold |
Percentage of total cache size after which per logical system limits will be enforced.
|
certificate-cache-timeout seconds |
Regulates the certificate cache timeout.
|
|
disable-cert-cache |
Disable the certificate cache. By default certificate cache is enabled. |
|
disable-deferred-profile-selection |
Disable the deferred profile selection mechanism. In the defered profile selection mechanism, the SSL proxy module defers SSL profile selection until the dynamic application is detected in a client hello message based on the Server Name Indication (SNI). After detecting dynamic application, SSL proxy module does a firewall rule lookup based on the identified application and selects an appropriate SSL proxy profile. |
|
invalidate-cache-on-crl-update |
Invalidate the existing certificate cache. By default, this option is disabled. |
|
non-ssl-detection-threshold |
Set limit that allows you to decide how long to wait before ignoring the the session if StartTLS is not received from the client.
|
Note:
Starting in Junos OS Release 23.4R1, we've renamed the
Note:
In case your firewall is processing FTP or SMTP traffic and has unified policy (dynamic-application) and ssl-proxy configured, we recommend the following configuration: [edit] user@host# set services ssl proxy global-config non-ssl-detection-threshold |
session-cache-timeout seconds |
Specify the session cache timeout.
|
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release
12.1X44-D10. disable-cert-cache
, certificate-cache-timeout
, and Invalidate-cache-on-crl-update
options are introduced
in Junos OS Release 18.1R1.