The following table lists the variables that you can set for ASE.

Variable Description


Sets the mode in which ASE is deployed. The default value is inline. Set the value to sideband if you want ASE to work in the sideband mode.


Data port used for HTTP or WebSocket protocol. The default value is 8090.


Data port used for HTTPS or secure WebSocket protocol. The default value is 8443.


Management port used for CLI and REST API management. The default value is 8010.


ASE node uses this port number to communicate with other ASE nodes in the cluster. The default value is 8020.


The password for ASE keystore. The default password is asekeystore.


This key is used for authentication among ASE cluster node. All the nodes of the cluster must have the same cluster_secret_key. This key must be entered manually on each node of the ASE cluster for the nodes to communicate with each other. The default value is yourclusterkey.


This key is used to enable ASE to block auto detected attacks. Set this value to true to allow ASE to block auto detected attacks. The default value is false.


This key is used to enable ASE to fetch attack list from ABS. Set this value to true to fetch the list from ABS. The default value is false.


This key is used only in ASE sideband mode. If set to true, ASE sends a keep-alive in response header for the TCP connection between API gateway and ASE. With the default false value, ASE sends a connection close in response header for connection between API gateway and ASE.

Email default settings

Configure the following settings:

  • enable_emails: Set it to true for ASE to send email notifications. Default value is false.
  • smtp_host and smtp_port
  • sender_email: Email address used from which email alerts and reports are sent.
  • email_password: Password of sender’s email account.
  • receiver_email: Email address to which the email alerts and reports are sent.

CLI admin password

The default value for CLI admin is admin. To change the password, you need the current password.


Make sure to take a backup of the ase-defaults.yml file on a secure machine after the automated installation is complete.

The following is a sample ase-defaults.yml file.

    # Deployment mode for ASE. Valid values are inline or sideband
    mode: inline

    # Define ports for the PingIntelligence API Security Enforcer
    # Make sure ports are not same for single server installation
    http_ws_port: 8090
    https_wss_port: 8443
    management_port: 8010
    cluster_manager_port: 8020
    # Password for ASE keystore
    keystore_password: asekeystore
    # cluster_secret_key for ASE cluster
    cluster_secret_key: yourclusterkey

    # enable keepalive for ASE in sideband mode
    enable_sideband_keepalive: false

    # Configure Email Alert. Set enable_emails to true to configure
    # email settings for ASE
    enable_emails: false
    smtp_port: 587
    email_password: password
    # CLI admin password
    current_admin_password: admin
    new_admin_password: admin