Create IPSec Static Filter Action
Creates a filter action with the specified quick mode security methods.
Note: This workflow is only available for use in Microsoft Windows environments.
Workflow inputs – Create IPSec Static Filter Action
Call Workflow Input | Description | Required? | Default Value |
connection details | XML document conforming to the ConnectionDetails common object that contains the information required to execute a command. | Yes | n/a |
name | Specifies the name of the filter action to be created. | Yes | n/a |
description | Provides information about the filter action. | Yes | n/a |
qmpfs | Specifies whether to enable session key perfect forward secrecy (PFS). If Yes is specified, new master key material is renegotiated each time a new session key is required.
Valid values: Yes, No | No | No |
inpass | Specifies whether to allow an incoming packet that matches the configured filter list to be unsecured, but require IPSec–secured communication when replying.
Valid values: Yes, No | No | No |
soft | Specifies whether to fall back to unsecured communication with other computers that do not support IPSec, or when IPSec negotiations with an IPSec–capable computer fail.
Valid values: Yes, No | No | No |
action | Specifies whether to permit traffic without negotiating IP security.
Valid values: permit, block negotiate
Note: If permit is specified, traffic is transmitted or received without negotiating or applying IP security. If block is specified, traffic is blocked. If negotiate is specified, IP security is used with the specified list of security methods. | No | negotiate |
qmsecmethods | Specifies one or more security methods, separated by spaces.
Valid format: {ESP [HTMLUATconboautil:ConfAlg,AuthAlg]:k/s,
Valid values: Where:ConfAlg (Specifies the encryption algorithm.) ConfigAlg (DES (Data Encryption Standard), 3DES, or none). AuthAlg (Specifies the integrity algorithm). AuthAlg (MD5 (Message Digest 5), SHA1 (Secure Hash Algorithm 1), or none). HashAlg (Specifies the hash function. HashAlg (MD5 (Message Digest 5) or SHA1). k (Specifies the session key lifetime in kilobytes.)
Note: k – After the specified number of kilobytes of data is transferred, a new session key for the quick mode SA is generated. | No | 100000 kilobytes and 3600 seconds |
Workflow outputs – Create IPSec Static Filter Action
Call Workflow Output | Description |
output | XML document consisting of one or more <line> elements that contain the command response. Each <line> element contains an index attribute indicating the order in which the information was returned by the command. |
success | Did the operation succeed?
Valid values: true, false |