Unless you need only the built-in actions in your policies, you have to create the actions before creating the policies, so that you can specify the actions when you create the policies. The built-in actions are of two types, control actions and data actions. You use control actions in control policies, and data actions in data policies.
The built-in control actions are:
- CLIENTAUTH—Perform client certificate authentication.
- NOCLIENTAUTH—Do not perform client certificate authentication.
The built-in data actions are:
- RESET—Close the connection by sending a RST packet to the client.
- DROP—Drop all packets from the client. The connection remains open until the client closes it.
- NOOP—Forward the packet without performing any operation on it.
You can create user-defined data actions. For example, if you enable client authentication, you can create an SSL action to insert client-certificate data into the request header before forwarding the request to the web server. For more information about user-defined actions, see Configuring User-Defined SSL Actions.
If a policy evaluation results in an undefined state, an UNDEF action is performed. For either a data policy or a control policy, you can specify RESET, DROP, or NOOP as the UNDEF action. For a control policy, you also have the option of specifying CLIENTAUTH or NOCLIENTAUTH.
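The sequence described above (action first, then the policy that names it, with an explicit UNDEF action), shown as an added example that is not part of the original page. It assumes the appliance is a Citrix ADC (NetScaler) and uses that CLI, which the page itself does not name; the virtual server, action, policy and header names are hypothetical.

```netscaler
# Added example, not from the original page. The names vs_web,
# act_insert_cert, pol_insert_cert and X-Client-Cert are hypothetical.

# Enable client authentication on the SSL virtual server.
set ssl vserver vs_web -clientAuth ENABLED -clientCert Mandatory

# 1. Create the user-defined data action first: insert the client
#    certificate into a request header before the request is forwarded
#    to the web server.
add ssl action act_insert_cert -clientCert ENABLED -certHeader X-Client-Cert

# 2. Create the data policy that references the action. RESET is the
#    UNDEF action, so a request whose rule evaluation is undefined has
#    its connection closed. With NOOP it would be forwarded without any
#    operation, that is, without the certificate header.
add ssl policy pol_insert_cert -rule CLIENT.SSL.CLIENT_CERT.EXISTS -action act_insert_cert -undefAction RESET

# 3. Bind the policy to the virtual server.
bind ssl vserver vs_web -policyName pol_insert_cert -priority 10
```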