SSLO Unified

Overview

You can use the SSLO Unified API to create, edit, retrieve and delete SSLO objects from a BIG-IQ. This API can also deploy the SSLO object to multiple target BIG-IPs from the BIG-IQ. You can use this approach to deploy one SSLO object at a time. You can deploy Topology, Service, Service Chain, Security Policy, or SSL types of SSLO objects. To deploy the object, send a POST with JSON in the body of the request containing all the information required to perform the deployment. It is the responsibility of the API caller to include in the template field at least the minimum information required to deploy the specified type of SSLO object. The schema of the JSON in the template field depends upon the type of SSLO object, which is specified by the value of {block_type} in the query URL. The possible JSON schemas of template, listed by corresponding {block_type}, are shown in the JSON schema section.

You can use this unified API to discover and import a SSLO object or to edit the general-settings block.

For more information about the F5 SSL Orchestrator (SSLO), refer to the overview resources listed at Overview of F5 SSL Orchestrator.

REST Endpoint: /mgmt/cm/sslo/api/{block_type}

Requests

POST /mgmt/cm/sslo/api/{block_type}

To create a SSLO object, send a POST request to the api/{block_type} endpoint.

Query Parameters

Name Type Required Description
{block_type} string True Specifies the type of SSLO object and determines the schema of the JSON passed in the request’s body as the template field. The value “topology” means this is for the deployment of a topology SSLO object. “service” means this is for a service or service-chain SSLO object. “security-policy” means this is for a service policy SSLO object. “ssl” means this is for a TLS SSLO object. The value “discover-import” can be used to discover and import a SSLO object. The value “general-settings” can be used to edit a general-settings block.

Request Parameters

The JSON in the body of the request can contain the following parameters.

Name Type Required Description
template object True Specifies the values of template which are required to deploy this type of SSLO object. The JSON schema of template depends upon the type of object to be deployed. The JSON schemas of template mapped to {block_type} are shown below in the JSON schema section.
targetList object True Defines the list of target BIG-IPs to which the SSLO object will be deployed.
     type string True The type of target to which the SSLO object will be deployed. Possible values are: “DEVICE”, “CLUSTER” or “LOCATION”. The value “LOCATION” can only be used with service deployments.
     name string If type is “LOCATION” or “CLUSTER” then name is required. If type is “DEVICE”, then either name or address must be present. The Device/cluster/location name of the target BIG-IP.
     address string If type is “LOCATION” or “CLUSTER” then name is required. If type is “DEVICE”, then either name or address must be present. The IP address of the target BIG-IP.
     targetProperties string False Specifies the values of properties which are required to deploy this type of SSLO object. The JSON schema of targetProperties depends upon the type of object to be deployed. The JSON schemas of properties mapped to {block_type} are shown below in the JSON schema section.
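
The following is an added example, not part of the F5 documentation: a client-side pre-flight check that applies the {block_type} and targetList rules from the tables above before a request is sent. The function names are hypothetical, targetList is treated as a JSON array of objects as in the Examples section, and the sample body is constructed from the POST example on this page.

```python
import ipaddress
from urllib.parse import quote

# {block_type} values listed in the Query Parameters table.
BLOCK_TYPES = {"topology", "service", "security-policy", "ssl",
               "discover-import", "general-settings"}
TARGET_TYPES = {"DEVICE", "CLUSTER", "LOCATION"}


def endpoint_path(block_type, block_name=None):
    """Build the REST path; the block name is percent-encoded so that it
    always stays a single path segment."""
    if block_type not in BLOCK_TYPES:
        raise ValueError(f"unknown block_type: {block_type!r}")
    path = f"/mgmt/cm/sslo/api/{block_type}"
    if block_name is not None:
        if not block_name:
            raise ValueError("block_name must not be empty")
        path += "/" + quote(block_name, safe="")
    return path


def check_target(block_type, index, target):
    """Return the problems found in one targetList entry."""
    where = f"targetList[{index}]"
    if not isinstance(target, dict):
        return [f"{where}: must be a JSON object"]
    problems = []
    ttype = target.get("type")
    name = target.get("name")
    address = target.get("address")
    if ttype not in TARGET_TYPES:
        problems.append(f"{where}: type must be DEVICE, CLUSTER or LOCATION")
    elif ttype == "LOCATION" and block_type != "service":
        problems.append(f"{where}: LOCATION is only valid for service deployments")
    if ttype in ("CLUSTER", "LOCATION") and not name:
        problems.append(f"{where}: name is required for {ttype}")
    if ttype == "DEVICE" and not (name or address):
        problems.append(f"{where}: DEVICE needs name or address")
    if address is not None:
        try:
            # ip_address() also accepts integers, so insist on a string first.
            if not isinstance(address, str):
                raise ValueError("address must be a string")
            ipaddress.ip_address(address)
        except ValueError:
            problems.append(f"{where}: address is not an IP address")
    return problems


def validate_request(block_type, body):
    """Return a list of problems; an empty list means the body passes."""
    problems = []
    if block_type not in BLOCK_TYPES:
        problems.append(f"unknown block_type: {block_type!r}")
    template = body.get("template")
    if not isinstance(template, dict) or not template:
        problems.append("template: required, must be a non-empty JSON object")
    targets = body.get("targetList")
    if not isinstance(targets, list) or not targets:
        problems.append("targetList: required, must be a non-empty array")
        return problems
    for i, target in enumerate(targets):
        problems.extend(check_target(block_type, i, target))
    return problems


# Constructed sample, shortened from the ICAP service POST example on this page.
SAMPLE_BODY = {
    "template": {"SERVICE": {"ssloS_NewService": {
        "name": "ssloS_NewService",
        "customService": {
            "name": "ssloS_NewService",
            "serviceType": "icap",
            "loadBalancing": {"devices": [{"ip": "3.4.5.6", "port": "1344"}]},
        },
    }}},
    "targetList": [{"type": "DEVICE", "name": "bigip-1.lab.sample.com"}],
}

if __name__ == "__main__":
    print(endpoint_path("service"), validate_request("service", SAMPLE_BODY))
    bad = {"template": {"x": 1}, "targetList": [{"type": "LOCATION", "name": "dc1"}]}
    print(validate_request("topology", bad))
```

The check covers only the rules stated in the tables; the BIG-IQ still validates the template against the schema for the chosen {block_type}.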

Response

HTTP/1.1  202 Accepted

Name Type Description
statusURI string Status URI for the task.
name string Name of the block for which the task was initiated.
id string UUID for the task.
status string Current status of the task. Possible values: “QUEUED”, “CREATED”, “STARTED”, “CANCEL_REQUESTED”, “CANCELED”, “FAILED”, or “FINISHED”.

Permissions

Role Allow
Admin Yes
SSL Orchestrator Manager Yes

PUT /mgmt/cm/sslo/api/{block_type}/{block_name}

To edit a SSLO object, send a PUT request to the api/{block_type}/{block_name} endpoint.

Query Parameters

Name Type Required Description
{block_type} string True Specifies the type of SSLO object and determines the schema of the JSON passed in the request’s body as the properties field. The value “topology” means this is for the deployment of a topology SSLO object. “service” means this is for a service or service-chain SSLO object. “security-policy” means this is for a service policy SSLO object. “ssl” means this is for a TLS SSLO object. The value “discover-import” can be used to discover and import a SSLO object. The value “general-settings” can be used to edit a general-settings block.
{block_name} string True Specifies the name of SSLO block.

Request Parameters

The JSON in the body of the request can contain the following parameters.

Name Type Required Description
template object True Specifies the values of template which are required to deploy this type of SSLO object. The JSON schema of template depends upon the type of object to be deployed. The JSON schemas of template mapped to {block_type} are shown below in the JSON schema section.
targetList object True Defines the list of target BIG-IPs to which the SSLO object will be deployed.
     type string True The type of target to which the SSLO object will be deployed. Possible values are: “DEVICE”, “CLUSTER” or “LOCATION”. The value “LOCATION” can only be used with service deployments.
     name string If type is “LOCATION” or “CLUSTER” then name is required. If type is “DEVICE”, then either name or address must be present. The Device/cluster/location name of the target BIG-IP.
     address string If type is “LOCATION” or “CLUSTER” then name is required. If type is “DEVICE”, then either name or address must be present. The IP address of the target BIG-IP.
     targetProperties string False Specifies the values of target properties which are required to deploy this type of SSLO object. The JSON schema of targetProperties depends upon the type of object to be deployed. The JSON schemas of targetProperties mapped to {block_type} are shown below in the JSON schema section.

Response

HTTP/1.1  202 Accepted

Name Type Description
statusURI string Status URI for the task.
name string Name of the block for which the task was initiated.
id string UUID for the task.
status string Current status of the task. Possible values: “QUEUED”, “CREATED”, “STARTED”, “CANCEL_REQUESTED”, “CANCELED”, “FAILED”, or “FINISHED”.

Permissions

Role Allow
Admin Yes
SSL Orchestrator Manager Yes

PATCH /mgmt/cm/sslo/api/{block_type}/{block_name}

To edit a SSLO object, send a PATCH request to the api/{block_type}/{block_name} endpoint.

Query Parameters

Name Type Required Description
{block_type} string True Specifies the type of SSLO object and determines the schema of the JSON passed in the request’s body as the properties field. The value “topology” means this is for the deployment of a topology SSLO object. “service” means this is for a service or service-chain SSLO object. “security-policy” means this is for a service policy SSLO object. “ssl” means this is for a TLS SSLO object. The value “discover-import” can be used to discover and import a SSLO object. The value “general-settings” can be used to edit a general-settings block.
{block_name} string True Specifies the name of SSLO block.

Request Parameters

The JSON in the body of the request can contain the following parameters.

Name Type Required Description
template object True Specifies the values of template which are required to deploy this type of SSLO object. The JSON schema of template depends upon the type of object to be deployed. The JSON schemas of template mapped to {block_type} are shown below in the JSON schema section.
targetList object True Defines the list of target BIG-IPs to which the SSLO object will be deployed.
     type string True The type of target to which the SSLO object will be deployed. Possible values are: “DEVICE”, “CLUSTER” or “LOCATION”. The value “LOCATION” can only be used with service deployments.
     name string If type is “LOCATION” or “CLUSTER” then name is required. If type is “DEVICE”, then either name or address must be present. The Device/cluster/location name of the target BIG-IP.
     address string If type is “LOCATION” or “CLUSTER” then name is required. If type is “DEVICE”, then either name or address must be present. The IP address of the target BIG-IP.
     targetProperties string False Specifies the values of target properties which are required to deploy this type of SSLO object. The JSON schema of targetProperties depends upon the type of object to be deployed. The JSON schemas of targetProperties mapped to {block_type} are shown below in the JSON schema section.

Response

HTTP/1.1  202 Accepted

Name Type Description
statusURI string Status URI for the task.
name string Name of the block for which the task was initiated.
id string UUID for the task.
status string Current status of the task. Possible values: “QUEUED”, “CREATED”, “STARTED”, “CANCEL_REQUESTED”, “CANCELED”, “FAILED”, or “FINISHED”.

Permissions

Role Allow
Admin Yes
SSL Orchestrator Manager Yes

DELETE /mgmt/cm/sslo/api/{block_type}/{block_name}

To delete a SSLO object, send a DELETE request to the api/{block_type}/{block_name} endpoint.

Query Parameters

Name Type Required Description
{block_type} string True Specifies the type of SSLO object and determines the schema of the JSON passed in the request’s body as the properties field. The value “topology” means this is for the deployment of a topology SSLO object. “service” means this is for a service or service-chain SSLO object. “security-policy” means this is for a service policy SSLO object. “ssl” means this is for a TLS SSLO object. The value “discover-import” can be used to discover and import a SSLO object. The value “general-settings” can be used to edit a general-settings block.
{block_name} string True Specifies the name of SSLO block.

Request Parameters

None

Response

HTTP/1.1  202 Accepted

Name Type Description
statusURI string Status URI for the task.
name string Name of the block for which the task was initiated.
id string UUID for the task.
status string Current status of the task. Possible values: “QUEUED”, “CREATED”, “STARTED”, “CANCEL_REQUESTED”, “CANCELED”, “FAILED”, or “FINISHED”.

Permissions

Role Allow
Admin Yes
SSL Orchestrator Manager Yes

GET /mgmt/cm/sslo/api/{block_type}/{block_name}

To retrieve a SSLO object, send a GET request to the api/{block_type}/{block_name} endpoint.

Query Parameters

Name Type Required Description
{block_type} string True Specifies the type of SSLO object and determines the schema of the JSON passed in the request’s body as the properties field. The value “topology” means this is for the deployment of a topology SSLO object. “service” means this is for a service or service-chain SSLO object. “security-policy” means this is for a service policy SSLO object. “ssl” means this is for a TLS SSLO object. The value “discover-import” can be used to discover and import a SSLO object. The value “general-settings” can be used to edit a general-settings block.
{block_name} string True Specifies the name of SSLO block.

Request Parameters

None

Response

HTTP/1.1  202 Accepted

Name Type Description
statusURI string Status URI for the task.
name string Name of the block for which the task was initiated.
id string UUID for the task.
status string Current status of the task. Possible values: “QUEUED”, “CREATED”, “STARTED”, “CANCEL_REQUESTED”, “CANCELED”, “FAILED”, or “FINISHED”.

Permissions

Role Allow
Admin Yes
SSL Orchestrator Manager Yes

Examples

POST to create new SSLO service

Following is an example of a POST to create a new SSLO ICAP service object.

POST https://<BIG-IQ>/mgmt/cm/sslo/api/service

The JSON in the body of the POST can look similar to the following example.

{
    "template": {
        "SERVICE": {
            "ssloS_NewService": {
                "name": "ssloS_NewService",
                "customService": {
                    "name": "ssloS_NewService",
                    "serviceType": "icap",
                    "loadBalancing": {
                        "devices": [
                            {
                                "ip": "3.4.5.6",
                                "port": "1344"
                            }
                        ]
                    }
                }
            }
        }
    },
    "targetList": [
        {
            "type": "DEVICE",
            "name": "bigip-1.lab.sample.com",
            "targetProperties": {
                "SERVICE": {
                    "ssloS_NewService": {
                        "customService": {
                            "loadBalancing": {
                                "devices": [
                                    {
                                        "ip": "1.1.1.1",
                                        "port": "1344"
                                    }
                                ]
                            }
                        }
                    }
                }
            }
        }
    ]
}

Response

HTTP/1.1 202 Accepted

{
    "id": "4444d478-73c5-4029-ab9c-ebf5e7e63d70",
    "status": "STARTED",
    "name": "ssloS_NewService",
    "statusURI": "https://localhost/mgmt/cm/sslo/tasks/api/4444d478-73c5-4029-ab9c-ebf5e7e63d70"
}

PATCH to edit a SSLO service

Following is an example of a PATCH to edit an existing SSLO service object named ssloS_ExistingService. You can use either PUT or PATCH to edit the object.

PATCH https://<BIG-IQ>/mgmt/cm/sslo/api/service/ssloS_ExistingService

The JSON in the body of the PATCH request can look similar to the following example.

{
    "template": {
        "SERVICE": {
            "ssloS_ExistingService": {
                "name": "ssloS_ExistingService",
                "customService": {
                    "name": "ssloS_ExistingService",
                    "serviceType": "icap",
                    "loadBalancing": {
                        "devices": [{
                            "ip": "3.4.5.6",
                            "port": "1344"
                        }]
                    }
                }
            }
        }
    },
    "targetList": [{
        "type": "DEVICE",
        "name": "bigip-1.lab.sample.com",
        "targetProperties": {
            "SERVICE": {
                "ssloS_ExistingService": {
                    "customService": {
                        "loadBalancing": {
                            "devices": [{
                                "ip": "2.2.2.2",
                                "port": "1344"
                            }]
                        }
                    }
                }
            }
        }
    }]
}

Response

HTTP/1.1 202 Accepted

{
    "id": "4444d478-73c5-4029-ab9c-ebf5e7e63d70",
    "status": "STARTED",
    "name": "ssloS_ExistingService",
    "statusURI": "https://localhost/mgmt/cm/sslo/tasks/declare/4444d478-73c5-4029-ab9c-ebf5e7e63d70"
}

DELETE to delete a SSLO service

Following is an example of a DELETE to delete an existing SSLO service object named ssloS_ExistingService.

DELETE https://<BIG-IQ>/mgmt/cm/sslo/api/service/ssloS_ExistingService

The body of the DELETE request can be empty.

Response

HTTP/1.1 202 Accepted

{
    "id": "4444d478-73c5-4029-ab9c-ebf5e7e63d70",
    "status": "STARTED",
    "name": "ssloS_ExistingService",
    "statusURI": "https://localhost/mgmt/cm/sslo/tasks/declare/4444d478-73c5-4029-ab9c-ebf5e7e63d70"
}

GET to retrieve a SSLO object

Following is an example of a GET to get a SSLO service object named ssloS_ExistingService.

GET https://<BIG-IQ>/mgmt/cm/sslo/api/service/ssloS_ExistingService

The body of the GET request can be empty.

Response

HTTP/1.1 202 Accepted

{
    "template": {
        "SERVICE": {
            "ssloS_ExistingService": {
                "name": "ssloS_ExistingService",
                "customService": {
                    "name": "ssloS_ExistingService",
                    "serviceType": "icap",
                    "loadBalancing": {
                        "devices": [{
                            "ip": "3.4.5.6",
                            "port": "1344"
                        }]
                    }
                }
            }
        }
    },
    "targetList": [{
        "type": "DEVICE",
        "name": "bigip-1.lab.sample.com",
        "targetProperties": {
            "SERVICE": {
                "ssloS_ExistingService": {
                    "customService": {
                        "loadBalancing": {
                            "devices": [{
                                "ip": "2.2.2.2",
                                "port": "1344"
                            }]
                        }
                    }
                }
            }
        }
    }]
}

POST to create an F5 SWG service

Following is an example of a POST to create a new SSLO SWG service object. Please note that “perReqPolicy” should be created on BIG-IP and is a pre-requisite for creating the SWG service on BIG-IQ.

POST https://<BIG-IQ>/mgmt/cm/sslo/api/service

The JSON in the body of the POST can look similar to the following example.

{
    "template": {
            "SERVICE": {
                    "ssloS_F5_SWG": {
                            "name": "ssloS_F5_SWG",
                            "selfIps": {},
                            "partition": "Common",
                            "strictness": true,
                            "vendorInfo": {
                                    "name": "F5 Secure Web Gateway"
                            },
                            "description": "Type: swg",
                            "useTemplate": false,
                            "customService": {
                                    "name": "ssloS_F5_SWG",
                                    "serviceType": "swg",
                                    "serviceSpecific": {
                                            "name": "ssloS_F5_SWG",
                                            "iRuleList": [{
                                                    "name": "/Common/ssloS_F5_SWG.app/ssloS_F5_SWG-swg",
                                                    "value": "/Common/ssloS_F5_SWG.app/ssloS_F5_SWG-swg"
                                            }],
                                            "description": "",
                                            "logSettings": [{
                                                    "name": "/Common/default-log-setting",
                                                    "value": "/Common/default-log-setting"
                                            }],
                                            "perReqPolicy": "/Common/test",
                                            "accessProfile": "/Common/ssloS_F5_SWG.app/ssloS_F5_SWG_M_accessProfile",
                                            "accessProfileScope": "profile",
                                            "accessProfileNameScopeValue": "",
                                            "accessProfileScopeCustSource": "/Common/modern"
                                    },
                                    "serviceDownAction": "reset"
                            }
                    }
            }
    },
    "targetList": [{
            "type": "DEVICE",
            "name": "bigip-1.lab.sample.com"
    }]
}

Response

HTTP/1.1 200 OK

{
    "id": "383aaf80-f550-48e4-97f7-f7e43c92f506",
    "status": "STARTED",
    "name": "ssloS_F5_SWG",
    "statusURI": "https://localhost/mgmt/cm/sslo/tasks/api/383aaf80-f550-48e4-97f7-f7e43c92f506"
}

PATCH to edit an F5 SWG service

Following is an example of a PATCH to edit an existing SSLO service object named ssloS_F5_SWG. You can use either PUT or PATCH to edit the object.

PATCH https://<BIG-IQ>/mgmt/cm/sslo/api/service/ssloS_F5_SWG

The JSON in the body of the PATCH request can look similar to the following example.

{
    "template": {
            "SERVICE": {
                    "ssloS_F5_SWG": {
                            "name": "ssloS_F5_SWG",
                            "selfIps": {},
                            "partition": "Common",
                            "strictness": true,
                            "vendorInfo": {
                                    "name": "F5 Secure Web Gateway"
                            },
                            "description": "Type: swg",
                            "useTemplate": false,
                            "customService": {
                                    "name": "ssloS_F5_SWG",
                                    "serviceType": "swg",
                                    "serviceSpecific": {
                                            "name": "ssloS_F5_SWG",
                                            "iRuleList": [{
                                                    "name": "/Common/ssloS_F5_SWG.app/ssloS_F5_SWG-swg",
                                                    "value": "/Common/ssloS_F5_SWG.app/ssloS_F5_SWG-swg"
                                            }],
                                            "description": "",
                                            "logSettings": [{
                                                    "name": "/Common/default-log-setting",
                                                    "value": "/Common/default-log-setting"
                                            }],
                                            "perReqPolicy": "/Common/test",
                                            "accessProfile": "/Common/ssloS_F5_SWG.app/ssloS_F5_SWG_M_accessProfile",
                                            "accessProfileScope": "named",
                                            "accessProfileNameScopeValue": "named_scope",
                                            "accessProfileScopeCustSource": "/Common/modern"
                                    },
                                    "serviceDownAction": "reset"
                            }
                    }
            }
    },
    "targetList": [{
            "type": "DEVICE",
            "name": "bigip-1.lab.sample.com"
    }]
}

Response

HTTP/1.1 200 Accepted

{
    "id": "be62d535-2f3a-4913-8192-038275668a7f",
    "status": "STARTED",
    "name": "ssloS_F5_SWG",
    "statusURI": "https://localhost/mgmt/cm/sslo/tasks/api/be62d535-2f3a-4913-8192-038275668a7f"
}

JSON schema

The JSON schema is different for different service types.

template schema for {block_type} = “service”

The JSON in the template field can contain the following parameters when using the SSLO Unified API to deploy a service block. This corresponds to using the Open API deployment approach and SsloL2ServiceSchema, SsloIcapServiceSchema, SsloTapServiceSchema, SsloHttpServiceSchema, SsloL3ServiceSchema or SsloSwgServiceSchema.

Name Type Required Description
template object True Specifies the values of template which are required to deploy this type of SSLO object.
     templateName string False Name of the service template.
     name string True Name of the service.
     description string False Description of the service.
     useTemplate boolean False Is a template used? Possible values are true or false.
     serviceTemplate string False The service template.
     vendorInfo object False Information about the ICAP vendor
          product string False ICAP vendor’s product
          name string False ICAP vendor’s name
          model string False ICAP vendor’s model
          version string False ICAP vendor’s version
     customService object False Information about a custom service
          serviceType string False Type of service
          name string False The name of the service
          ipFamily string False IP family of the service
          cpmPolicies string False CPM policy of the service
          loadBalancing object False Information about load balancing devices
                devices object False A list of load balancing devices
                      port string False Port number of a load balancing device
                      ip object False IP address of a load balancing device
                monitor object False Information about load balancing monitor
                      custom object False A description of a custom map for load balancing monitor
                      fromSystem string False From System for Load balancing monitor
          serviceSpecific object False Information about the service
                allowHttp10 boolean False Does the service allow HTTP 1.0? Possible values are true or false.
                enableOneConnect boolean False Does the service enable OneConnect? Possible values are true or false.
                headers object False ICAP header information
                      mode object False ICAP header mode
                      headerConfig object False Configuration of ICAP headers. Contains referrer, host, userAgent and from information.
                responseUri string False URI for ICAP service response
                name string False Name of ICAP service
                previewLength number False Length of ICAP service preview
                requestUri string False URI for ICAP service request
                policy string False ICAP service policy
          serviceDownAction string False Information about the service down action
     initialIpFamily string False IP type

template schema for {block_type} = “topology”

The JSON in the template field can contain the following parameters when using the SSLO Unified API to deploy a topology block. This corresponds to using the Open API approach for deployment and SsloTopologySchema.

Name Type Required Description
template object True Specifies the values of template which are required to deploy this type of SSLO object.
     ruleLabel string False Specifies the selected SSL topology setting as outbound or inbound decryption. Possible values: “Outbound” and “Inbound”.
     sslSetting string False Specifies the SSL setting
     pool string False Specifies the pool setting
     l7Profile string False Specifies an L7 profile which is associated with the L7 profile type
     ipFamily string False Specifies whether this configuration supports IPv4 addresses or IPv6 addresses. Possible values: “ipv4”, “ipv6”, or “both”.
     l7ProfileType string False Specifies an L7 profile type
     accessProfile string False Specifies the access profile
     type string False Specifies the topology type based on your initial network setup. Possible values: “topology_l2_outbound”, “topology_l2_inbound”, “topology_l3_outbound”, “topology_l3_inbound”, “topology_l3_explicit_proxy”, or “topology_existing_app”.
     securityPolicy string False Specifies the Security Policy setting.

template schema for {block_type} = “service-chain”

The JSON in the template field can contain the following parameters when using the SSLO Unified API to deploy a service-chain block. This corresponds to using the Open API approach for deployment and SsloServiceChainSchema.

Name Type Required Description
template object True Specifies the values of template which are required to deploy this type of SSLO object.
     orderedServiceList object False List of ordered service.
          serviceType string False Type of service. Possible values: “ICAP”, “HTTP”, “L2”, “L3”, “TAP”, “SWG”, or “NULL”.
          name string False Name of the service.
          IpFamily string False IP family. Possible values: “ipv4”, “ipv6”, or “both”.
     name string False Name of the service chain.
     description string False Description of the service chain.

template schema for {block_type} = “ssl”

The JSON in the template field can contain the following parameters when using the SSLO Unified API to deploy a ssl block. This corresponds to using the Open API approach for deployment and SsloTlsSchema.

Name Type Required Description
template object True Specifies the values of template which are required to deploy this type of SSLO object.
     sslSettingsName string False Name of existing SSL settings object
     advanceMode string False Advanced Mode for SSL settings.
     name string False Name of SSL object
     description string False Description of SSL object
     generalSettings object False TLS general settings
          bypassHandshakeAlert boolean False Enable bypass handshake alert? Possible values: true or false.
          bypassClientCertFailure boolean False Enable bypass client certificate failure? Possible values: true or false.
          isForwardProxy boolean False Check if forward proxy is enabled? Possible values: true or false.
     clientSettings object False TLS client settings
          enabledSSLProcessingOptions object False List of SSL processing options
                name string False Name of SSL processing options
                value string False Value of SSL processing option.
          forwardByPass boolean False Check if forward bypass is enabled? Possible values: true or false.
          caCertKeyChain object False SSL CA Cert Key Chain
                chain string False Chain for SSL client settings
                CACertPassphrase string False Passphrase for SSL CA certificate key chain element
                port string False Port for SSL CA certificate key chain element
                usage string False Usage for SSL CA certificate key chain element
                name string False Name for SSL CA certificate key chain element
                isCa boolean False Check if cert is CA? Possible values: true or false.
                cert string False Certificate for SSL client settings
                passphrase string False Passphrase for SSL client settings
                key string False Key for SSL client settings
          ciphers object False SSL CA Cert Key Chain
                cipherGroup string False Cipher group for TLS ciphers
                iscipherString boolean False Check if cipher type is a cipher string. Possible values: true or false.
                cipherString string False Specifies the ciphers that system supports
          certKeyChain object False Information about SSL certificate key chain
                chain string False Chain for SSL client settings
                name string False Name for SSL certificate key chain element
                cert string False Cert for SSL client settings
                passphrase string False Passphrase for SSL client settings
                certPassphrase string False Passphrase for SSL certificate key chain element
                key string False Key for SSL client settings
     serverSettings object False Information about TLS server settings
          ocsp string False Specifies the configured Online Certificate Status Protocol
          caBundle string False Specifies the CA bundle
          ciphers object False Information about SSL CA certificate key chain
                cipherGroup string False Cipher group for TLS ciphers.
                iscipherString boolean False Check if cipher type is a cipher string. Possible values: true or false.
                cipherString string False Specifies the ciphers that system supports
          expiredCertificates boolean False Should system ignore or drop connections to servers with an expired certificate? Possible values: true or false.
          crl string False Specifies the configured Certificate Revocation List.
          untrustedCertificates boolean False Should system ignore or drop connections to servers with an untrusted certificate? Possible values: true or false.

template schema for {block_type} = “security-policy”

The JSON in the template field can contain the following parameters when using the SSLO Unified API to deploy a security-policy block. This corresponds to using the Open API approach for deployment and SecurityPolicySchema.

Name Type Required Description
template object True Specifies the values of template which are required to deploy this type of SSLO object.
     policyConsumer object False Information about the policy consumer
          subType string False Policy consumer’s subType
          type string False Policy consumer’s type
     proxyConfigurations object False Information about the proxy configuration
          password string False Specifies the password for this proxy configuration
          isProxyChainEnabled boolean False Enable proxy chain? Possible values: true or false.
          username string False Specifies the username for this proxy configuration
     isDefaultPinnersSet boolean False Does this policy have a pinners rule? Possible values: true or false.
     name string False Specifies the name of this security policy
     serverCertStatusCheck boolean False Enable this value if either expiredCertificates or untrustedCertificates in ssl configuration is set to false. Possible values: true or false.
     description string False Description of this security policy.
     rules object False List of the rules in this security policy
          name string False Name of this rule in the security policy
          action string False Action of this rule in the security policy
          conditions object False List of conditions for this rule
                type string False The rule condition type
          operation string False The logical operation for the rule conditions
          actionOptions object False Action options for the security policy rule
                chain string False Name of the service chain that should be attached to this rule
                ssl string False Option to set if this rule should be intercepted or bypassed
     language string False Only English is supported.
     type string False Only custom type is supported.
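
The ssl and security-policy template schemas above carry credential fields (passphrase, CACertPassphrase, certPassphrase, key, password), so automation that logs request bodies should mask them first. The following is an added example, not part of the F5 documentation: the function name is hypothetical, the sample body and its nesting are constructed from the ssl table, and key is masked as a precaution because the page does not say whether it holds key material or a reference.

```python
# Field names taken from the ssl and security-policy schema tables on this page.
SENSITIVE_FIELDS = {"passphrase", "CACertPassphrase", "certPassphrase",
                    "key", "password"}
MASK = "***REDACTED***"


def redact(body):
    """Return (copy of body with sensitive values masked, JSON paths masked).

    The input is not modified. Empty or null values are left as they are so
    the log still shows that the field was unset.
    """
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            out = {}
            for field, value in node.items():
                child = f"{path}.{field}"
                if field in SENSITIVE_FIELDS and value not in (None, ""):
                    out[field] = MASK
                    hits.append(child)
                else:
                    out[field] = walk(value, child)
            return out
        if isinstance(node, list):
            return [walk(item, f"{path}[{i}]") for i, item in enumerate(node)]
        return node

    return walk(body, "$"), hits


# Constructed sample: object names, paths and the secret are made up.
SAMPLE_SSL_BODY = {
    "template": {
        "name": "ssloT_example",
        "clientSettings": {
            "caCertKeyChain": [{
                "name": "CERT_KEY_CHAIN_0",
                "cert": "/Common/example-ca.crt",
                "key": "/Common/example-ca.key",
                "CACertPassphrase": "constructed-secret",
            }],
            "certKeyChain": [{"cert": "/Common/default.crt", "passphrase": ""}],
        },
    },
    "targetList": [{"type": "DEVICE", "name": "bigip-1.lab.sample.com"}],
}

if __name__ == "__main__":
    safe_body, masked_paths = redact(SAMPLE_SSL_BODY)
    print(masked_paths)
    print(safe_body)
```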

template schema for {block_type} = “general-settings”

The JSON in the template field can contain the following parameters when using the SSLO Unified API to deploy a general-settings block. This corresponds to using the Open API approach for deployment and GeneralSettingsSchema.

Name Type Required Description
template object True Specifies the values of template which are required to deploy this type of SSLO object.
     egressNetwork object False Information about the egress general settings
          gatewayOptions string False Route gateway options
          useDefault boolean False Use the default gateway options? Possible values: true or false.
     name string False Name of general settings block
     dns object False Information about DNS settings
          enableDnsSecurity boolean False Enable DNS security? Possible values: true or false.
          enableLocalDnsZones boolean False Enable local DNS zones? Possible values: true or false.
          enableLocalDnsQueryResolution boolean False Enable DNS query resolution? Possible values: true or false.
          localDnsNameservers object False List of local DNS servers
          localDnsZones object False List of local DNS zones.
                zone string False Name of local DNS zone
                nameServerIps object False List of server IPs
     ipFamily object False IP family. Possible values: “ipv4”, “ipv6”, or “both”.