ssl-policylabel¶

The following operations can be performed on "ssl-policylabel":

add ssl policylabel¶

Creates an SSL policy label. An SSL policy label can be a control label or a data label.

Synopsis¶

add ssl policylabel <labelName> -type ( CONTROL | DATA )

Arguments¶

labelName

Name for the SSL policy label. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the policy label is created.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my label" or 'my label').

type

Type of policies that the policy label can contain.

Possible values: CONTROL, DATA

Example¶

add ssl policylabel ssl_pol_label -type REQ

rm ssl policylabel¶

Removes an SSL policy label.

Synopsis¶

rm ssl policylabel <labelName>

Arguments¶

labelName

Name of the SSL policy label to remove.

Example¶

rm ssl policylabel ssl_pol_label

bind ssl policylabel¶

Binds an SSL policy to an SSL policy label and specifies the order in which the policies in the label are to be evaluated.

Synopsis¶

bind ssl policylabel <labelName> <policyName> <priority> [<gotoPriorityExpression>] [-invoke (<labelType> <labelName>) ]

Arguments¶

labelName

Name of the SSL policy label to which to bind policies.

policyName

Name of the SSL policy to bind to the policy label.

priority

Integer specifying the policy's priority within the label. The lower the priority number, the higher the policy's priority. Policies are evaluated in order of priority, but the order can be modified by a goto priority expression. Minimum value: 1 Maximum value: 2147483647

gotoPriorityExpression

Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE. Specify one of the following values: * NEXT - Evaluate the policy with the next higher priority number. * END - End policy evaluation. * USE_INVOCATION_RESULT - Applicable if this policy invokes another policy label. If the final goto in the invoked policy label has a value of END, the evaluation stops. If the final goto is anything other than END, the current policy label performs a NEXT. * An expression that evaluates to a number. If you specify an expression, the number to which it evaluates determines the next policy to evaluate, as follows: * If the expression evaluates to a higher numbered priority, the policy with that priority is evaluated next. * If the expression evaluates to the priority of the current policy, the policy with the next higher numbered priority is evaluated next. * If the expression evaluates to a number that is larger than the largest numbered priority, policy evaluation ends.

An UNDEF event is triggered if: * The expression is invalid. * The expression evaluates to a priority number that is numerically lower than the current policy's priority. * The expression evaluates to a priority number that is between the current policy's priority number (say, 30) and the highest priority number (say, 100), but does not match any configured priority number (for example, the expression evaluates to the number 85). This example assumes that the priority number increments by 10 for every successive policy, and therefore a priority number of 85 does not exist in the policy label. Default value: "END"

invoke

Invoke policies bound to a policy label. After the invoked policies are evaluated, the flow returns to the policy with the next priority.

labelType

Type of policy label invocation.

Possible values: vserver, service, policylabel

labelName

Name of the label to invoke if the current policy rule evaluates to TRUE.

Example¶

bind ssl policylabel ssl_pol_label -policyName ssl_pol -priority 1

unbind ssl policylabel¶

Unbinds an SSL policy from an SSL policy label.

Synopsis¶

unbind ssl policylabel <labelName> <policyName> [-priority <positive_integer>]

Arguments¶

labelName

Name of the SSL policy label from which to unbind policies.

policyName

Name of the SSL policy to unbind.

priority

Priority of the NOPOLICY to be unbound. Minimum value: 1 Maximum value: 2147483647

Example¶

unbind ssl policylabel ssl_pol_label ssl_pol

show ssl policylabel¶

Displays information about all the SSL policy labels, or displays detailed information about the specified policy label.

Synopsis¶

show ssl policylabel [<labelName>]

Arguments¶

labelName

Name of the SSL policy label for which to show detailed information.

Output¶

stateflag

type

Type of policies that the policy label can contain.

numpol

Number of polices bound to label.

hits

Number of times policy label was invoked.

policyName

Name of the SSL policy to bind to the policy label.

priority

Specifies the priority of the policy.

gotoPriorityExpression

Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

invoke

Invoke flag.

labelType

Type of policy label invocation.

labelName

Name of the label to invoke if the current policy rule evaluates to TRUE.

flowType

Flowtype of the bound SSL policy.

description

Description of the policylabel

flags

devno

count

Example¶

i)show ssl policylabel ssl_pol_label ii)show ssl policylabel