key |
|
|
string |
Top level element, contains the ID of the connection policy. |
body |
|
|
Top level element (string) |
The elements of the connection policy. |
|
access_control |
|
Top level list |
Collection of access policies. Access policies define who can authorize and audit a connection. |
|
active |
|
boolean |
Set to false to suspend the connection policy. Connection settings are preserved. |
|
channel_database_cleanup |
|
Top level item |
Configures cleanup of the connection metadata on the connection policy's level. |
|
client_side_transport_security |
|
Top level item |
Defines the Transport Layer Security (TLS) settings for the connection between SPS and the client. For example: "client_side_transport_security": {
"selection": "disabled"
}, |
|
|
days |
int |
Retention time, in days. Must not exceed the retention time of the archive_cleanup_policy, and the retention time configured in the global settings of the protocol.
The global settings of the Telnet protocol are available at the api/configuration/telnet/options endpoint. |
|
|
enabled |
boolean |
Set to true to enable periodical cleanup of the connection metadata. |
|
indexing |
|
Top level item |
Configures indexing for the connection policy. |
|
|
enabled |
boolean |
Set to true to enable indexing the connections. |
|
|
policy |
string |
References the identifier of the indexing policy. You can configure indexing policies at the /api/configuration/policies/indexing/ endpoint.
To modify or add an indexing policy, use the value of the returned key as the value of the policy element, and remove any child elements (including the key). |
|
|
priority |
int |
Specifies the indexing priority for the connection. Possible values are:
|
|
log_audit_trail_downloads |
|
boolean |
Set to true to log audit trail downloads. |
|
name |
|
string |
The name of the connection policy. |
|
network |
|
|
|
|
|
clients |
list, string |
List of client ("from") IP addresses. |
|
|
ports |
list, integers |
List of target ports. |
|
|
targets |
list, string |
List of target IP addresses. |
|
override_log_level |
|
Top level item |
|
|
policies |
|
Top level item |
List of policies referenced by the connection policy. |
|
|
aa_plugin |
string |
References the identifier of the AA plug-in. You can configure AA plug-ins at the /api/configuration/plugins/aa/ endpoint.
To modify or add an AA plug-in, use the value of the returned key as the value of the aa_plugin element, and remove any child elements (including the key). |
|
|
analytics_policy |
string |
References the identifier of the analytics policy. You can configure analytics policies at the /api/configuration/analytics/ endpoint.
To add or modify an analytics policy, use the value of the returned key as the value of the analytics element, and remove any child elements (including the key). |
|
|
archive_cleanup_policy |
string |
References the identifier of the archive/cleanup policy. You can configure archive and cleanup policies at the /api/configuration/policies/archive_cleanup_policies/ endpoint.
To modify or add an archive/cleanup policy, use the value of the returned key as the value of the archive_cleanup_policy element, and remove any child elements (including the key). |
|
|
audit_policy |
string |
Cannot be null.
References the identifier of the audit policy. You can configure audit policies at the /api/configuration/policies/audit_policies/ endpoint.
To modify or add an audit policy, use the value of the returned key as the value of the audit_policy element, and remove any child elements (including the key). |
|
|
authentication_policy |
string |
Cannot be null.
References the identifier of the authentication policy. Note that currently you cannot create or modify Telnet Authentication Policies using the REST API. Use the web UI instead.
To modify or add an authentication policy, use the value of the returned key as the value of the authentication_policy element, and remove any child elements (including the key). |
|
|
backup_policy |
string |
References the identifier of the backup policy. You can configure backup policies at the /api/configuration/policies/backup_policies/ endpoint.
To modify or add a backup policy, use the value of the returned key as the value of the backup_policy element, and remove any child elements (including the key). |
|
|
channel_policy |
string |
You can configure Telnet channel policies at the /api/configuration/telnet/channel_policies/ endpoint. |
|
|
credential_store |
string |
References the identifier of the credential store.
You can configure credential stores at the /api/configuration/policies/credentialstores/ endpoint.
To modify or add a credential store, use the value of the returned key as the value of the credential_store element, and remove any child elements (including the key). |
|
|
ldap_server |
string |
References the identifier of the LDAP server. You can configure LDAP servers at the /api/configuration/policies/ldap_servers/ endpoint.
To modify or add an LDAP server, use the value of the returned key as the value of the ldap_server element, and remove any child elements (including the key). |
|
|
settings |
string |
|
|
|
usermapping_policy |
string |
References the identifier of a Usermapping Policy. You can configure Usermapping Policies at the /api/configuration/policies/usermapping_policies/ endpoint.
To modify or add a Usermapping Policy, use the value of the returned key as the value of the usermapping_policies element, and remove any child elements (including the key). |
|
rate_limit |
|
Top level element |
Connection rate limit. |
|
|
enabled |
boolean |
Set to true to provide a connection rate limit. |
|
|
value |
int |
The number of connections (per minute) that are allowed in the connection policy. |
|
server_address |
|
Top level item |
Defines the address where the clients connect to. |
|
server_side_transport_security |
|
Top level item |
Defines the Transport Layer Security (TLS) settings for the connection between SPS and the server. For example: "server_side_transport_security": {
"selection": "disabled"
}, |
|
source_address |
|
Top level element |
Allows you to configure Source Network Address Translation (SNAT) on the server side of SPS. SNAT determines the IP address SPS uses in the server-side connection. The target server will see the connection coming from this address. |
|
|
selection |
string |
Configures Source Network Address Translation. Possible values are:
-
box_address
Default. Uses the network address of the logical interface of SPS.
-
original
Uses the IP address of the client, as seen by SPS.
-
fix
Uses a fixed address when connecting to the remote server.
Must be used with the address element. |
|
|
address |
string |
Must be used if the value of the selection element is set to fix.
The IP address to use as the source address in server-side connections. |
|
web_gateway_authentication |
|
Top level item |
When gateway authentication is required for a connection, the user must authenticate on SPS as well. This additional authentication can be performed out-of-band on the SPS web interface for every protocol. |
|
|
enabled |
boolean |
Set to true to enable additional gateway authentication on the SPS web interface. |
|
|
groups |
list, string |
By default, any user can perform gateway authentication for the connections. You can restrict authentication to members of specific usergroups. Define the usergroups at the /api/configuration/aaa/local_database/groups/ endpoint, and list the name of each group here. |
|
|
require_same_ip |
boolean |
Set to true to only accept web gateway authentication from the same host that initiated the connection. |