Schema Reference

This page is a reference for the objects you can use in your Declarations for AS3 on BIG-IP Next. For more information on BIG-IP objects and terminology, see the BIG-IP documentation at https://support.f5.com/csp/home.

Analytics_Profile

HTTP Analytics profile with configurable options

Name

Default

Values

Description

Supported On

class (string)

Analytics_Profile

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

captureFilter (object)

{}

See “Capture_Filter”

Criteria determining when the system captures a portion of the application traffic

Core

collectGeo (boolean)

None

true, false

Specifies that the system collects statistics of the names of the countries from which that traffic was sent

Core, Next

collectClientSideStatistics (boolean)

None

true, false

Specifies that the system collects statistics regarding the HTTP request and response times

Core, Next

collectUrl (boolean)

None

true, false

Specifies that the system collects statistics of requested URLs

Core, Next

collectIp (boolean)

None

true, false

Specifies that the system collects statistics of the IP addresses of where the traffic came from

Core, Next

collectDestinationIpGeo (boolean)

None

true, false

Specifies that the system collects statistics of the destination IP addresses

Next

collectSubnet (boolean)

None

true, false

Specifies that the system collects statistics of client subnets

Core, Next

collectUserAgent (boolean)

None

true, false

Specifies that the system collects statistics about browsers used to send traffic

Core, Next

collectOsAndBrowser (boolean)

true

true, false

Specifies that the system collect statistics about the OSs and Browsers used to send requests

Core, Next

collectResponseCode (boolean)

true

true, false

Specifies that the system collects statistics about the distribution of HTTP response codes returned by the servers

Core, Next

collectMethod (boolean)

true

true, false

Specifies that the system collects statistics about the distribution of HTTP methods found in requests

Core, Next

collectMaxTpsAndThroughput (boolean)

None

true, false

Specifies that the system collects statistics for the maximum number of transactions per second, and the maximum amount of traffic moving through the system, both request and response throughput values

Core, Next

collectPageLoadTime (boolean)

None

true, false

Specifies that the system collects statistics of the round-trip latency between client end-users and the servers

Core, Next

collectUserSession (boolean)

None

true, false

Specifies that the system collects statistics of the number of unique user sessions in the application traffic, as determined by the value of the configured HTTP cookies found in the requests

Core, Next

collectedStatsInternalLogging (boolean)

true

true, false

Specifies that statistics logs are stored in the system

Core

collectedStatsExternalLogging (boolean)

None

true, false

Specifies that statistics logs are stored on a remote server

Core

capturedTrafficInternalLogging (boolean)

None

true, false

Specifies that the system captures a portion of the application traffic and sends it to a remote server

Core

capturedTrafficExternalLogging (boolean)

None

true, false

Specifies that the system captures a portion of the application traffic which can then be viewed on the System >> Logs >> Captured Transactions screen

Core

sampling (boolean)

None

true, false

None

Next

samplingRatio (integer)

100

[1-10000]

None

Next

sessionCookieSecurity (string)

ssl-only

ssl-only, always-secure, never-secure

Specify whether to secure session cookies

Core, Next

sessionTimeoutMinutes (integer)

5

[5-60]

The number of minutes of user non-activity ot allow before the system considers the session to be over

Core, Next

externalLoggingPublisher (object)

None

See “Pointer_Log_Publisher”

Reference to a log publisher

Core

notificationBySyslog (boolean)

None

true, false

Specifies that the system sends notifications to the syslog

Core

notificationBySnmp (boolean)

None

true, false

Specifies that the system sends notifications as SNMP traps

Core

notificationByEmail (boolean)

None

true, false

Specifies that the system sends notifications by e-mail

Core

notificationEmailAddresses (array)

None

None

The e-mail addresses of a recipient to whom the system should send email notifications

Core

publishIruleStatistics (boolean)

None

true, false

Specifies that the system collects and displays statistics according to the expressions written in an iRule

Core

urlsForStatCollection (array)

None

None

Specifies the requested URLs for collecting statistics

Core

countriesForStatCollection (array)

None

None

Specifies the countries for collecting statistics

Core

subnetsForStatCollection (array)

None

None

Specifies the requested subnets for collecting statistics

Core

Capture_Filter

Criteria determining when the system captures a portion of the application traffic

Name

Default

Values

Description

Supported On

requestCapturedParts (string)

none

all, body, headers, none

Specifies which parts of the request data the system captures

Core

responseCapturedParts (string)

none

all, body, headers, none

Specifies which parts of the response data the system captures

Core

dosActivity (string)

any

any, mitigated-by-dosl7

Specifies whether the system captures traffic data mitigated by the DoS Layer 7 Enforcer, or traffic regardless of DoS activity

Core

capturedProtocols (string)

all

all, http, https

Specifies whether the system captures traffic data that is sent using any protocol, or a specific type of protocol

Core

capturedReadyForJsInjection (string)

disabled

disabled, enabled

Specifies whether the system captures all traffic data from all transactions or only from transactions that qualify for JavaScript injection

Core

virtualServers (array)

None

Specifies whether the system captures traffic data sent from/to all virtual servers, or only from/to specific virtual servers. If none are specified then all will be collected

Core

nodeAddresses (array)

None

Specifies whether the system captures traffic data sent from/to all nodes, or only from/to specific nodes. If none are specified then all will be collected

Core

responseCodes (array)

None

Specifies whether the system captures traffic data based on the HTTP response status codes that the requests return. If none are specified then all will be collected

Core

methods (array)

None

Specifies whether the system captures traffic data based on the HTTP method that was requested. If none are specified then all will be collected

Core

urlFilterType (string)

all

all, black-list, white-list

Specifies how the URL path prefixes are interpreted

Core

urlPathPrefixes (array)

None

Specifies URLs the filter type is to be applied to. If none are specified then all will be collected

Core

userAgentSubstrings (array)

None

Specifies whether the system captures traffic sent from all browsers, or only traffic sent from a specific browser

Core

clientIps (array)

None

Specifies the client IP addresses to collect stats for. If none are specified, then all will be collected

Core

requestContentFilterSearchPart (string)

none

all, headers, body, none, uri

Specifies the part of the request that should be filtered by the search string

Core

requestContentFilterSearchString (string)

None

None

Specifies the string the request should be searched for

Core

responseContentFilterSearchPart (string)

none

all, body, headers, none

Specifies the part of the response that should be filtered by the search string

Core

responseContentFilterSearchString (string)

None

None

Specifies the string the response should be searched for

Core

Enum_Country_Analytics

Enum values for Analytics_Profile

Name

Default

Values

Description

Supported On

Enum_Country_Analytics (string)

None

Afghanistan, Aland Islands, Albania, Algeria, American Samoa, Andorra, Angola, Anguilla, Anonymous Proxy, Antarctica, Antigua and Barbuda, Argentina, Armenia, Aruba, Asia/Pacific Region, Australia, Austria, Azerbaijan, Bahamas, Bahrain, Bangladesh, Barbados, Belarus, Belgium, Belize, Benin, Bermuda, Bhutan, Bolivia, Bonaire, Saint Eustatius and Saba, Bosnia and Herzegovina, Botswana, Bouvet Island, Brazil, British Indian Ocean Territory, Brunei Darussalam, Bulgaria, Burkina Faso, Burundi, Cambodia, Cameroon, Canada, Cape Verde, Cayman Islands, Central African Republic, Chad, Chile, China, Christmas Island, Cocos (Keeling) Islands, Colombia, Comoros, Congo, Congo, The Democratic Republic of the, Cook Islands, Costa Rica, Cote D’Ivoire, Croatia, Cuba, Cyprus, Czech Republic, Denmark, Djibouti, Dominica, Dominican Republic, Ecuador, Egypt, El Salvador, Equatorial Guinea, Eritrea, Estonia, Ethiopia, Europe, Falkland Islands (Malvinas), Faroe Islands, Fiji, Finland, France, France, Metropolitan, French Guiana, French Polynesia, French Southern Territories, Gabon, Gambia, Georgia, Germany, Ghana, Gibraltar, Greece, Greenland, Grenada, Guadeloupe, Guam, Guatemala, Guernsey, Guinea, Guinea-Bissau, Guyana, Haiti, Heard Island and McDonald Islands, Holy See (Vatican City State), Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Iran, Islamic Republic of, Iraq, Ireland, Isle of Man, Israel, Italy, Jamaica, Japan, Jersey, Jordan, Kazakhstan, Kenya, Kiribati, Korea, Democratic People’s Republic of, Korea, Republic of, Kuwait, Kyrgyzstan, Lao People’s Democratic Republic, Latvia, Lebanon, Lesotho, Liberia, Libyan Arab Jamahiriya, Liechtenstein, Lithuania, Luxembourg, Macau, Macedonia, Madagascar, Malawi, Malaysia, Maldives, Mali, Malta, Marshall Islands, Martinique, Mauritania, Mauritius, Mayotte, Mexico, Micronesia, Federated States of, Moldova, Republic of, Monaco, Mongolia, Montenegro, Montserrat, Morocco, Mozambique, Myanmar, Namibia, Nauru, Nepal, Netherlands, Netherlands Antilles, New Caledonia, New Zealand, Nicaragua, Niger, Nigeria, Niue, Norfolk Island, Northern Mariana Islands, Norway, Oman, Other, Pakistan, Palau, Palestinian Territory, Panama, Papua New Guinea, Paraguay, Peru, Philippines, Pitcairn Islands, Poland, Portugal, Puerto Rico, Qatar, Reunion, Romania, Russian Federation, Rwanda, Saint Barthelemy, Saint Helena, Saint Kitts and Nevis, Saint Lucia, Saint Martin, Saint Pierre and Miquelon, Saint Vincent and the Grenadines, Samoa, San Marino, Sao Tome and Principe, Satellite Provider, Saudi Arabia, Senegal, Serbia, Seychelles, Sierra Leone, Singapore, Slovakia, Slovenia, Solomon Islands, Somalia, South Africa, South Georgia and the South Sandwich Islands, Spain, Sri Lanka, Sudan, Suriname, Svalbard and Jan Mayen, Swaziland, Sweden, Switzerland, Syrian Arab Republic, Taiwan, Tajikistan, Tanzania, United Republic of, Thailand, Timor-Leste, Togo, Tokelau, Tonga, Trinidad and Tobago, Tunisia, Turkey, Turkmenistan, Turks and Caicos Islands, Tuvalu, Uganda, Ukraine, United Arab Emirates, United Kingdom, United States, United States Minor Outlying Islands, Unknown, Uruguay, Uzbekistan, Vanuatu, Venezuela, Vietnam, Virgin Islands, British, Virgin Islands, U.S., Wallis and Futuna, Western Sahara, Yemen, Zambia, Zimbabwe

Enum values for Analytics_Profile

Core

Analytics_TCP_Profile

TCP Analytics profile with configurable options

Name

Default

Values

Description

Supported On

class (string)

Analytics_TCP_Profile

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

collectCity (boolean)

None

true, false

Specifies that the system saves the name of the city with which traffic was exchanged

Core, Next

collectContinent (boolean)

true

true, false

Specifies that the system saves the name of the continent with which traffic was exchanged

Core, Next

collectCountry (boolean)

true

true, false

Specifies that the system saves the name of the country with which traffic was exchanged

Core, Next

collectedByClientSide (boolean)

true

true, false

Specifies that system collects statistics on the client side

Core, Next

collectedByServerSide (boolean)

true

true, false

Specifies that system collects statistics on the server side

Core, Next

collectedStatsExternalLogging (boolean)

None

true, false

Specifies that statistics logs are stored on a remote server

Core

collectedStatsInternalLogging (boolean)

true

true, false

Specifies that statistics logs are stored in the system

Core

collectNexthop (boolean)

None

true, false

Specifies that the system saves the address to which the traffic is being routed

Core, Next

collectPostCode (boolean)

None

true, false

Specifies that the system saves the name of the postcode with which traffic was exchanged

Core, Next

collectRegion (boolean)

true

true, false

Specifies that the system saves the name of the region with which traffic was exchanged

Core, Next

collectRemoteHostIp (boolean)

None

true, false

Specifies that the system collects IP addresses with which traffic was exchanged

Core, Next

collectRemoteHostSubnet (boolean)

true

true, false

Specifies that the system saves the address of the subnet with which traffic was exchanged

Core, Next

externalLoggingPublisher (object)

None

See “Pointer_Log_Publisher”

Reference to a log publisher

Core

CA_Bundle

Bundle of one or more PKI Certificate-Authority certificates

Name

Default

Values

Description

Supported On

class (string)

CA_Bundle

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

bundle (object)

None

None

Reference to a CA bundle or string of PEM encoded certificates

Core, Next

Certificate_Validator_OCSP

OCSP validator for certificates

Name

Default

Values

Description

Supported On

class (string)

Certificate_Validator_OCSP

None

None

Core

dnsResolver (object)

None

None

BIG-IP AS3 pointer to DNS resolver used to resolve hostnames in client requests

Core

label (object)

None

See “Label”

Optional friendly name for this object

Core

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core

responderUrl (string)

None

None

Specifies the absolute URL that overrides the OCSP responder URL obtained from the certificate’s AIA extension(s). This should be a HTTP based URL.

Core

signingCertificate (object)

None

None

Specifies the certificate object to use for OCSP responders that require the request to be signed

Core

signingHashAlgorithm (string)

sha256

sha1, sha256

Specifies a hash algorithm used to sign an OCSP request

Core

timeout (integer)

8

[1-300]

Specifies the time interval (in seconds) that the BIG-IP waits for before ending the connection to the OCSP responder. The default value is 8

Core

Certificate

Configures a Certificate

Name

Default

Values

Description

Supported On

class (string)

Certificate

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

certificate (object)

None

None

X.509 public-key certificate

Core, Next

privateKey (object)

None

None

Private key matching certificate’s public key (optional)

Core, Next

chainCA (object,string)

None

None

Bundle of one or more CA certificates in trust-chain from root CA to certificate (optional)

Core, Next

passphrase (object)

None

None

If supplied, used to decrypt privateKey at runtime (optional)

Core, Next

pkcs12 (object)

None

None

The pkcs12 value which may be a url to fetch the binary file from or base64 encoded string

Core

pkcs12Options (object)

None

None

Options for importing PKCS12 file

Core

staplerOCSP (object)

None

None

BIG-IP AS3 pointer to OCSP Stapler declaration (optional)

Core

issuerCertificate (object)

None

None

Specifies the name of the issuer certificate for this certificate

Core

Constants

Named values for (re-)use by declaration objects

Name

Default

Values

Description

Supported On

class (string)

Constants

None

None

Core, Next

Controls

Optional controls configuration

Name

Default

Values

Description

Supported On

archiveId (number,string)

None

None

Read-only property present when you GET a declaration from configuration system. Archived versions of declaration are identified by a combination of ‘id’ and ‘archiveId’

Core

archiveTimestamp (string)

None

None

Read-only property present when you GET a declaration from configuration system. Indicates when this version (see archiveId) of declaration was archived

Core

betaRemark (string)

None

None

Property used primarily for testing the beta schema

Next (Beta)

class (string)

Controls

None

None

Core, Next

dryRun (boolean)

None

true, false

Boolean that indicates if this declaration will be run as a dry-run. If true, the declaration will NOT make any changes to the system, but will respond with whether or not it would.

Core

fortune (boolean)

None

true, false

If true, BIG-IP AS3 will activate Zoltar mode and read you your fortune

Core

logLevel (string)

None

emergency, alert, critical, error, warning, notice, info, debug

Controls the amount of detail in logs produced while configuring this Tenant (default is whole-declaration Controls/logLevel value)

Core, Next

trace (boolean)

None

true, false

If true, BIG-IP AS3 creates a detailed trace of the configuration process for this Tenant for subsequent analysis (default is whole-declaration Controls/trace value). Warning: trace files may contain sensitive configuration data

Core

traceResponse (boolean)

None

true, false

If true, the response will contain the trace files

Core, Next

userAgent (string)

None

None

User Agent information to include in TEEM report

Core, Next

Data_Group

Data group definition with configurable options

Name

Default

Values

Description

Supported On

class (string)

Data_Group

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

dataGroupFile (object)

None

See “Pointer_Data_Group_File”

Reference to a Data Group File

Core

externalFilePath (string)

None

None

Specifies the location (URI) from where the records will be copied

Core

ignoreChanges (boolean)

None

true, false

If false (default), the system updates data group in every AS3 declaration deployment. If true, AS3 creates the data group on first deployment, and leaves it untouched afterwards

Core

keyDataType (string)

None

integer, ip, string

Specifies the type of record keys the data group contains. If string, the value will be escaped by default

Core, Next

records (array)

None

None

List of records

Core, Next

separator (string)

:=

None

Specifies the character(s) that separate the record key and value

Core

storageType (string)

internal

internal, external

Toggles whether the data group is internal or external

Core

DNS_Logging_Profile

Configures a Domain Name System (DNS) logging profile

Name

Default

Values

Description

Supported On

class (string)

DNS_Logging_Profile

None

None

Core

label (object)

None

See “Label”

Optional friendly name for this object

Core

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core

includeCompleteAnswer (boolean)

true

true, false

Specifies whether the system logs the complete answer from the query

Core

includeQueryId (boolean)

None

true, false

Specifies whether the system logs the ID of the query

Core

includeSource (boolean)

true

true, false

Specifies whether the system logs the source (the BIG-IP system that receives the packet)

Core

includeTimestamp (boolean)

true

true, false

Specifies whether the system logs the timestamp of when the query was created

Core

includeView (boolean)

true

true, false

Specifies whether the system includes the view in the log

Core

logPublisher (object)

None

See “Pointer_Log_Publisher”

Reference to a log publisher

Core

logQueriesEnabled (boolean)

true

true, false

Specifies whether the system logs queries

Core

logResponsesEnabled (boolean)

None

true, false

Specifies whether the systems logs responses

Core

HTTP_Acceleration_Profile

HTTP acceleration profile with configurable options

Name

Default

Values

Description

Supported On

class (string)

HTTP_Acceleration_Profile

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Next

agingRate (integer)

9

[0-10]

Rate at which a cache entry ages

Core, Next

cacheSize (integer)

100

[1-65536]

The maximum size (in megabytes) for the cache.

Core, Next

ignoreHeaders (string)

all

none, max-age, all

Which cache disabling headers will be ignored by the system

Core, Next

insertAgeHeaderEnabled (boolean)

true

true, false

Age and date headers are inserted into the response when enabled

Core, Next

maximumAge (integer)

3600

[0-4294967295]

How long (in seconds) the system will consider the cached content valid

Core, Next

maximumEntries (integer)

10000

[1-4294967295]

The maximum number of entries that can reside in the cache

Core, Next

maximumObjectSize (integer)

50000

[0-4294967295]

The largest object (in bytes) that the system will cache

Core, Next

metadataMaxSize (integer)

25

[0-4294967295]

The maximum size (in megabytes) of the metadata cache

Core

minimumObjectSize (integer)

500

[0-4294967295]

The smallest object (in bytes) that the system will cache

Core, Next

parentProfile (object)

{“bigip”:”/Common/webacceleration”}

See “Pointer_HTTP_Acceleration_Profile”

Reference to a HTTP Acceleration Profile

Core

uriExcludeList (array)

None

None

A list of URIs that will be excluded from the cache

Core, Next

uriIncludeList (array)

None

None

A list of URIs that will be cacheable

Core, Next

uriIncludeOverrideList (array)

None

None

A list of URIs that should be cached even though they may normally not be due to existing constraints

Core, Next

uriPinnedList (array)

None

None

A list of URIs that are kept in the cache regardless of maxAge or expiry settings

Core, Next

HTTP_Compress

HTTP Compression profile with configurable options

Name

Default

Values

Description

Supported On

class (string)

HTTP_Compress

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

allowHTTP10 (boolean)

None

true, false

Specifies whether to forward HTTP 1.0 requests/responses (default false)

Core, Next

bufferSize (integer)

4096

[256-4294967295]

Maximum number of response octets to buffer before deciding whether to apply compression (default 4096)

Core, Next

contentTypeExcludes (array)

None

None

List of response Content-Type values which BIG-IP AS3 should not compress. Values are regular expressions that match Content-Type strings

Core, Next

contentTypeIncludes (array)

None

None

List of response Content-Type values which BIG-IP AS3 should compress. Values are regular expressions that match Content-Type strings

Core, Next

cpuSaver (boolean)

true

true, false

If true (default), system will reduce compression rate when CPU utilization exceeds cpuSaverHigh threshold and increase it when CPU utilization falls below cpuSaverLow threshold

Core

cpuSaverHigh (integer)

90

[15-99]

CPU utilization percentage (default 90) above which BIG-IP AS3 should moderate compression

Core

cpuSaverLow (integer)

75

[10-95]

CPU utilization percentage (default 75) below which the system returns compression to normal

Core

gzipLevel (integer)

1

[1-9]

Compression level (default 1); higher values produce greater compression but use more CPU cycles

Core, Next

gzipMemory (integer)

8

[1-256]

Compression memory allocation in kilobytes (default 8), should be a power of two

Core, Next

gzipWindowSize (integer)

16

[1-128]

Compression window size in kilobytes (default 16), should be a power of two

Core, Next

keepAcceptEncoding (boolean)

None

true, false

Specifies that the system does not remove the Accept-Encoding header from an HTTP request (default false)

Core, Next

minimumSize (integer)

1024

[128-131072]

BIG-IP AS3 will not compress responses of fewer octets than this (default 1024)

Core

preferMethod (string)

gzip

gzip, deflate

Select preferred compression method (default gzip, strongly recommended)

Core

selective (boolean)

None

true, false

If true, BIG-IP AS3 will only compress a response when an iRule attached to the virtual server requests it (default is false, meaning BIG-IP AS3 will compress responses which meet the criteria in this profile)

Core

uriExcludes (array)

None

None

List of request URI’s for which BIG-IP AS3 should not compress responses. Values are regular expressions that match request URI strings

Core, Next

uriIncludes (array)

None

None

List of request URI’s for which BIG-IP AS3 should compress responses. Values are regular expressions that match URI strings

Core, Next

varyHeader (boolean)

true

true, false

If true (default), a Vary header will appear in compressed responses

Core

HTTP_Profile

HTTP profile with configurable options

Name

Default

Values

Description

Supported On

class (string)

HTTP_Profile

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

allowBlankSpaceAfterHeaderName (boolean)

None

true, false

Specifies whether to allow blank space in an HTTP header between the header name and the separator colon in an HTTP request or response. Requires TMOS version 16.1 or newer.

Core

allowedResponseHeaders (array)

None

None

By default BIG-IP AS3 passes HTTP headers in responses from pool members to clients unaltered. You may list names of allowed response headers here and BIG-IP AS3 removes any you do not list from responses.

Core

cookiePassphrase (object)

None

None

Used to create secret key for cookie encryption (when missing, BIG-IP AS3 uses a system-generated key)

Core, Next

encryptCookies (array)

None

None

List cookies to encrypt en-route to the client and decrypt en-route to a pool member

Core, Next

enforceRFCCompliance (boolean)

None

true, false

BIG-IP LTM performs basic RFC compliance checks as described in the latest RFC for the HTTP protocol. If a client request fails these checks, then the connection is reset. Requires TMOS version 15.0 or newer.

Core

fallbackRedirect (string)

None

None

Domain name (or IP address) of service (if any) to which BIG-IP AS3 should redirect a request when no pool member is responsive or selected pool member returns a fallbackStatusCode

Core, Next

fallbackStatusCodes (array)

None

None

When a pool member responds to a request with one of these HTTP status codes (for example, 500), redirect the client to the fallbackRedirect

Core

hstsIncludeSubdomains (boolean)

true

true, false

If true then HSTS headers (see hstsInsert) will tell clients to apply HSTS settings to the hostnames of this service and all their possible subdomains. Warning: an incorrect value here can make multiple websites unreachable, not just this service

Core

hstsInsert (boolean)

None

true, false

If true, insert HSTS (HTTP Strict Transport Security) headers into responses sent to clients (default false). Warning: misconfiguration of HSTS can make a website unreachable

Core

hstsPeriod (integer)

7862400

[0-4294967295]

If hstsInsert is true, this value tells each client how long (in seconds; default 7862400 equals 91 days) to wait before refreshing HSTS settings for this service. Warning: once a client receives erroneous HSTS settings it will ignore any attempt to correct them until this period has expired

Core

hstsPreload (boolean)

None

true, false

If true, include the domain for the web site associated with this HTTP profile in the browser’s preload list. This forces the client to send packets over SSL/TLS.

Core

requestChunking (string)

preserve

selective, preserve, rechunk, sustain

Controls handling of HTTP payload chunking in requests from clients (default is ‘preserve’). Note: ‘selective’ and ‘preserve’ will be translated to ‘sustain’ when TMOS version is 15.0 or newer

Core, Next

responseChunking (string)

selective

selective, preserve, unchunk, rechunk, sustain

Controls handling of HTTP payload chunking in responses from pool members (default ‘selective’ adapts to most situations). Note: ‘selective’ and ‘preserve’ will be translated to ‘sustain’ when TMOS version is 15.0 or newer

Core, Next

rewriteRedirects (string)

none

none, all, matching, addresses, nodes

In selected Location-header values (default none) of redirect responses from pool members, change protocol HTTP to HTTPS before passing redirects to clients

Core, Next

insertHeader (object)

None

None

You may insert one header into each request before BIG-IP AS3 sends it to a pool member. The header value may be a simple string or the result of an iRules TCL expression (for example, [IP::client_addr]). This is the most efficient way to insert a single header; to insert multiple headers use an iRule or an Endpoint policy

Core, Next

knownMethods (array)

CONNECT, DELETE, GET, HEAD, LOCK, OPTIONS, POST, PROPFIND, PUT, TRACE, UNLOCK

None

List of HTTP request methods BIG-IP AS3 should recognize as normal. Any method not in this list will provoke the ‘unknownMethodAction’ action

Core

maxRequests (integer)

None

[0-2147483647]

When BIG-IP AS3 has processed more than this number of requests through a connection, the system closes it. Default 0 means permit unlimited requests

Core

multiplexTransformations (boolean)

true

true, false

If true (default), BIG-IP AS3 adjusts request headers to work properly when the virtual server uses a Multiplex profile

Core

otherXFF (array)

None

None

Names of request headers to treat as equivalent to X-Forwarded-For (see trustXFF)

Core

pipelineAction (string)

allow

allow, reject, pass-through

Default ‘allow’ means clients may pipeline HTTP/1.1 requests to pool members which support pipelining. Otherwise, ‘reject’ prevents pipelining, and ‘pass-through’ causes the connection to switch to pass-through mode when the system detects pipelining

Core

profileWebSocket (object)

None

None

Deprecated. Specifies the WebSocket profile that will be used on Services alongside this HTTP profile. When the ‘profileWebSocket’ property is used on a Service, it will supersede this property.

Core

proxyConnectEnabled (boolean)

None

true, false

Determines if a proxy connection profile will be created

Core

proxyType (string)

reverse

reverse, transparent, explicit

Default value ‘reverse’ is usually appropriate. You may use ‘transparent’ when virtual server will handle a mix of HTTP and non-HTTP traffic. You may use ‘explicit’ when clients will ask ADC to proxy connections to arbitrary remote services

Core

whiteOutHeader (string)

None

None

You may name one request header you want whited-out of each request before BIG-IP AS3 sends it to a pool member. To remove more than a single named header, use an iRule or an Endpoint policy. (Whiting-out a header leaves its name but replaces its value in the request with space characters (ASCII 0x20) to avoid changing the length of the headers.)

Core, Next

xForwardedFor (boolean)

true

true, false

If true, insert an X-Forwarded-For header carrying the client IP address into each HTTP request sent to a pool member (default true)

Core, Next

serverHeaderValue (string)

BigIP

None

Server header value to place in responses generated by the ADC itself (not obtained from a pool member)

Core, Next

trustXFF (boolean)

None

true, false

If true, WAF (ASM) and AVR may trust X-Forwarded-For headers found in incoming requests and report statistics using client IP addresses appearing in them (default false). Use this feature only when you control upstream gateway(s)

Core

unknownMethodAction (string)

allow

allow, reject, pass-through

Default ‘allow’ means clients may make HTTP requests using unknown methods. Otherwise, ‘reject’ means to discard any unknown-method request and reject the client connection, and ‘pass-through’ causes the connection to switch to pass-through mode upon the first unknown-method request

Core

viaHost (string)

None

None

Hostname to place in Via header when viaRequest or viaResponse is ‘append’

Core

viaRequest (string)

remove

append, preserve, remove

Controls treatment of Via: headers in requests from clients. When set to ‘append’ BIG-IP AS3 requires viaHost

Core

viaResponse (string)

remove

append, preserve, remove

Controls treatment of Via: headers in responses from pool members. When set to ‘append’ BIG-IP AS3 requires viaHost

Core

webSocketMasking (string)

unmask

preserve, remask, selective, unmask

Deprecated. WebSocket stream data is always masked from client to ADC and from ADC to server. Default value ‘unmask’ makes stream data passing through visible to ADC security policy and/or iRules attached to the service. ‘selective’ unmasks stream data only when a security policy is attached. ‘preserve’ passes data through masked (unreadable by security policy). ‘remask’ causes different masking keys to be used on client and server sides. When specified the property ‘profileWebSocket’ supersedes this property.

Core

webSocketsEnabled (boolean)

None

true, false

Deprecated. When true, allow clients to initiate WebSocket connections (default false). When specified the property ‘profileWebSocket’ supersedes this property.

Core

HTTP_Profile_Reverse

Extra HTTP profile configurable options when proxyType is ‘reverse’

Name

Default

Values

Description

Supported On

maxHeaderCount (integer)

64

[1-1024]

When the number of headers in an incoming HTTP request exceeds this value, discard the request and reset the client connection

Core

maxHeaderSize (integer)

32768

[9-262144]

When the total size in octets of the headers of an incoming HTTP request exceeds this value, discard the request and reset the client connection

Core

truncatedRedirects (boolean)

None

true, false

If false (default) elide malformed redirects from pool members, otherwise pass them to client

Core

HTTP_Profile_Transparent

Extra HTTP profile configurable options when proxyType is ‘transparent’

Name

Default

Values

Description

Supported On

maxHeaderCount (integer)

32

[1-1024]

When the number of headers in a request or response exceeds this value (default 32), take the excessX…Headers action

Core

maxHeaderSize (integer)

16384

[9-262144]

When the total size in octets of the headers of request or response exceeds this value (default 16384), take the oversizeX…Headers action

Core

excessClientHeaders (string)

pass-through

pass-through, reject

When a client request violates maxHeaderCount, either switch to pass-through mode (default) or reject the connection

Core

excessServerHeaders (string)

pass-through

pass-through, reject

When a pool member response violates maxHeaderCount, either switch to pass-through mode (default) or reject the connection

Core

oversizeClientHeaders (string)

pass-through

pass-through, reject

When a client request violates maxHeaderSize, either switch to pass-through mode (default) or reject the connection

Core

oversizeServerHeaders (string)

pass-through

pass-through, reject

When a pool member response violates maxHeaderSize, either switch to pass-through mode (default) or reject the connection

Core

truncatedRedirects (boolean)

true

true, false

If true (default) pass malformed redirects to client

Core

HTTP_Profile_Explicit

Extra HTTP profile configurable options when proxyType is ‘explicit’

Name

Default

Values

Description

Supported On

maxHeaderCount (integer)

64

[1-1024]

When the number of headers in an incoming HTTP request exceeds this value, discard the request and reset the client connection

Core

maxHeaderSize (integer)

32768

[9-262144]

When the total size in octets of the headers of an incoming HTTP request exceeds this value, discard the request and reset the client connection

Core

truncatedRedirects (boolean)

None

true, false

If false (default) elide malformed redirects from pool members, otherwise pass them to client

Core

resolver (object)

None

None

BIG-IP AS3 pointer to DNS resolver used to resolve hostnames in client requests

Core

doNotProxyHosts (array)

none

None

When a client makes a (proxy-type) request to some host on this list, that request will simply be load-balanced to a pool member (without DNS resolution). This is ineffective for HTTPS requests

Core

tunnelName (string)

http-tunnel

None

Name of tunnel used for outbound CONNECT requests (default ‘http-tunnel’)

Core

defaultConnectAction (string)

deny

deny, allow

By default (value ‘deny’) the system refuses CONNECT requests from clients except when there is a virtual server listening to the tunnelName tunnel to accept and process them (typically to authorize and/or intercept outbound TLS connections). Value ‘allow’ will let clients CONNECT to arbitrary remote services

Core

routeDomain (object)

None

None

Proxy requests will leave the ADC from a Self IP in this route domain (default 0)

Core

connectErrorMessage (string)

<html><head><title>Connection Error</title></head><body><h2>Unable to connect to host in proxy request</h2></body></html>

None

Message returned to client when the system cannot establish a proxy connection. May include iRules TCL expressions

Core

dnsErrorMessage (string)

<html><head><title>DNS Resolution Error</title></head><body><h2>Cannot resolve hostname in proxy request</h2></body></html>

None

Message returned to the client when the system cannot resolve the hostname in the request. May include iRules TCL expressions

Core

badRequestMessage (string)

<html><head><title>Bad Request</title></head><body><h2>Invalid proxy request</h2></body></html>

None

Message returned to client when proxy request is erroneous. May include iRules TCL expressions

Core

badResponseMessage (string)

<html><head><title>Bad Response</title></head><body><h2>Proxy request provoked invalid response</h2></body></html>

None

Message returned to client when response to proxy request is erroneous. May include iRules TCL expressions

Core

ipv6 (boolean)

None

true, false

Specifies the relative order of IPv4 and IPv6 DNS resolutions for URIs. If false (default), then the system performs IPv4 lookup before IPv6.

Core

HTTP2_Profile

Profile to enable HTTP2

Name

Default

Values

Description

Supported On

class (string)

HTTP2_Profile

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

activationMode (string)

alpn

alpn, always

This setting specifies the condition that will cause the BIG-IP system to handle an incoming connection as an HTTP/2 connection.

Core, Next

concurrentStreamsPerConnection (integer)

10

[1-256]

The number of concurrent connections to allow on a single HTTP/2 connection.

Core, Next

connectionIdleTimeout (integer)

300

[1-4294967295]

The number of seconds that a HTTP/2 connection is left open idly before it is closed.

Core

enforceTlsRequirements (boolean)

true

true, false

Enable or disable enforcement of TLS requirements.

Core, Next

frameSize (integer)

2048

[1024-16384]

The size of the data frames, in bytes, that the HTTP/2 protocol sends to the client.

Core

headerTableSize (integer)

4096

[0-65535]

The size of the header table, in KB, for the HTTP headers that the HTTP/2 protocol compresses to save bandwidth.

Core

includeContentLength (boolean)

None

true, false

Enable to include content-length in HTTP/2 headers.

Core

insertHeader (boolean)

None

true, false

This setting specifies whether the BIG-IP system should add an HTTP header to the HTTP request to show that the request was received over HTTP/2.

Core, Next

insertHeaderName (string)

X-HTTP2

None

This setting specifies the name of the header that the BIG-IP system will add to the HTTP request when the Insert Header is enabled.

Core, Next

receiveWindow (integer)

32

[16-128]

The flow-control size for upload streams, in KB.

Core

writeSize (integer)

16384

[2048-32768]

The total size of combined data frames, in bytes, that the HTTP/2 protocol sends in a single write function.

Core

IRule

iRule definition with configurable options

Name

Default

Values

Description

Supported On

class (string)

iRule

None

None

Core, Next

expand (boolean)

true

true, false

If true (default), expand backquoted variables in iRule

Core

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

iRule (object)

None

See “IRule_Core”

Reference to an iRule or text of an iRule

Core, Next

IRule_Core

Reference to an iRule or text of an iRule

Name

Default

Values

Description

Supported On

IRule_Core (object | object | object)

None

See “F5_String” | None | None

Reference to an iRule or text of an iRule

Core, Next

L4_Profile

Configures a Fast Layer 4 profile

Name

Default

Values

Description

Supported On

class (string)

L4_Profile

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

clientTimeout (integer)

30

[-1-86400]

Number of seconds allowed for a client to transmit enough data to select a server when you have late binding enabled. Value -1 means indefinite (not recommended)

Core

idleTimeout (integer)

300

None

Number of seconds (default 300; may not be 0) connection may remain idle before it becomes eligible for deletion. Value -1 (not recommended) means infinite

Core, Next

keepAliveInterval (integer)

None

[0-4294967295]

Number of seconds between keep-alive probes. A value of 0 seconds disables the feature.

Core

looseClose (boolean)

None

true, false

When true, system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server (default false).

Core, Next

looseInitialization (boolean)

None

true, false

When true, system initializes a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation (default false).

Core, Next

maxSegmentSize (integer)

None

None

Sets MSS advertised to peer. Value 0 (default) will set MSS automatically in proportion to interface MTU. Default 0 is usually the best choice

Core

resetOnTimeout (boolean)

true

true, false

If true (default), connections which time out will be reset (that is, the system sends an RST packet to the peer) before the system expunges them

Core, Next

synCookieAllowlist (boolean)

None

true, false

Specifies whether or not to use a SYN Cookie Allowlist when doing software SYN Cookies. This means not doing a SYN Cookie for the same src IP address if it has been done already in the previous tm.flowstate.timeout (30) seconds. The default value is disabled.

Core

synCookieEnable (boolean)

true

true, false

Enables syn-cookies capability on this virtual server. If true (default), the system may use SYN cookies to avert connection-table overflow (for example, from DoS attacks)

Core

tcpCloseTimeout (integer)

5

[undefined-86400]

Specifies an TCP close timeout in seconds. Value -1 means indefinite (not recommended)

Core, Next

tcpHandshakeTimeout (integer)

5

[undefined-86400]

Specifies a TCP handshake timeout in seconds. The default value is 5 seconds. Value -1 means indefinite (not recommended)

Core, Next

pvaAccelerationMode (string)

full

full, assisted, none, dedicated

Specifies the preferred acceleration mode for the Packet Velocity ASIC (PVA) if the platform supports PVA acceleration. Full - Specifies the system applies full PVA acceleration when possible. Assisted - Specifies the system applies partial PVA acceleration. None - Specifies the system does not use PVA acceleration. Dedicated - Unconditionally enables ePVA acceleration for all TCP FastL4 connections. Inactive, but established connections are not removed from the ePVA to guarantee low latency forwarding for future packets.

Next

pvaDynamicServerPackets (integer)

None

[0-10]

Indicates the number of server packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

Next

pvaDynamicClientPackets (integer)

1

[0-10]

Indicates the number of client packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

Next

Log_Destination

Configures a log destination

Name

Default

Values

Description

Supported On

Log_Destination (object | object | object | object)

None

None | None | None | None

Configures a log destination

Core

Log_Destination_Management_Port

Sends received messages to a specified IP address and port through the management interface

Name

Default

Values

Description

Supported On

address (string)

None

None

Specifies the IP address that will receive messages from the specified local Log Destination

Core

port (integer)

None

[0-65535]

Specifies the port of the IP address that will receive messages from the specified local Log Destination

Core

protocol (string)

tcp

tcp, udp

Specifies the protocol for the system to use to send logs to the specified location

Core

Log_Destination_Remote_Syslog

Configures Remote Syslog destinations to format log messages into Syslog format and forward them to a Remote High-Speed Log destination

Name

Default

Values

Description

Supported On

format (string)

rfc3164

legacy-bigip, rfc3164, rfc5424

Specifies the method to use to format the logs

Core

defaultFacility (string)

local0

local0, local1, local2, local3, local4, local5, local6, local7

Specifies the facility given to log messages received that do not already have a facility listed

Core

defaultSeverity (string)

info

alert, crit, debug, emerg, err, info, notice, warn

Specifies the severity given to log messages received that do not already have a severity listed

Core

remoteHighSpeedLog (object)

None

None

Specifies a remote high-speed log destination, which the system uses to forward the logs to a pool of remote log servers

Core

Log_Destination_Remote_High_Speed_Log

Sends received messages to a specified pool

Name

Default

Values

Description

Supported On

distribution (string)

adaptive

adaptive, balanced, replicated

Specifies the distribution method used to send messages to pool members

Core

protocol (string)

tcp

tcp, udp

Specifies the protocol for the system to use to send logs to the pool

Core

pool (object)

None

See “Pointer_Pool”

Reference to a pool

Core

Log_Destination_Splunk

Configures Splunk formatting destinations to format incoming log messages into Splunk format

Name

Default

Values

Description

Supported On

forwardTo (object)

None

None

Specifies the log destination to which logs are forwarded

Core

Log_Publisher

Configures lists of destinations for the common logging interface

Name

Default

Values

Description

Supported On

class (string)

Log_Publisher

None

None

Core

label (object)

None

See “Label”

Optional friendly name for this object

Core

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core

destinations (array)

None

None

specify log destinations for this log publisher to use

Core

Custom_Monitor

Custom monitor definition

Name

Default

Values

Description

Supported On

Custom_Monitor (object | object | object | object | object | object)

None

None | None | None | None | None | None

Custom monitor definition

Core, Next

Icmp_Monitor

Icmp monitor definition

Name

Default

Values

Description

Supported On

class (string)

Monitor

None

None

Core, Next

adaptiveLimitMilliseconds (integer)

1000

[1-10000]

Probe fails if response latency exceeds this number of milliseconds

Core

adaptiveWindow (integer)

180

[5-1800]

Time window over which the system samples latency (seconds)

Core

interval (integer)

5

[0-3600]

Poll interval (seconds)

Core, Next

monitorType (string)

None

None

Specifies the type of monitor

Core, Next

timeout (integer)

16

[0-900]

Time limit for node to respond (seconds)

Core, Next

Inband_Monitor

Inband monitor definition

Name

Default

Values

Description

Supported On

class (string)

Monitor

None

None

Core, Next

failureInterval (integer)

None

None

Specifies the failure interval

Core, Next

failures (integer)

None

None

Specifies the failures count

Core, Next

monitorType (string)

None

None

Specifies the type of monitor

Core, Next

responseTime (integer)

None

None

Specifies the response time

Core, Next

retryTime (integer)

None

None

Specifies the time to retry in

Core, Next

Http_Monitor

HTTP monitor definition

Name

Default

Values

Description

Supported On

class (string)

Monitor

None

None

Core, Next

adaptiveWindow (integer)

180

[1-1800]

Time window over which the system samples latency (seconds)

Core

adaptiveLimitMilliseconds (integer)

1000

[1-10000]

Probe fails if response latency exceeds this number of milliseconds

Core

interval (integer)

5

[0-3600]

Poll interval (seconds)

Core, Next

monitorType (string)

None

None

Specifies the type of monitor

Core, Next

passphrase (object)

None

See “Property_Passphrase”

A passphrase (passphrase property)

Core, Next

receive (string)

None

None

Mark node up upon receipt of this (backquote-expanded) string

Core, Next

receiveDown (string)

None

None

Mark node down upon receipt of this (backquote-expanded) string (optional; must be empty when ‘reverse’ is true)

Core, Next

send (string)

None

None

Send this (backquote-expanded) string to query node

Core, Next

timeout (integer)

16

[0-900]

Time limit for node to respond (seconds)

Core, Next

username (string)

None

None

Username if any for query authentication

Core, Next

Tcp_Monitor

TCP monitor definition

Name

Default

Values

Description

Supported On

class (string)

Monitor

None

None

Core, Next

adaptiveLimitMilliseconds (integer)

1000

[1-10000]

Probe fails if response latency exceeds this number of milliseconds

Core

adaptiveWindow (integer)

180

[5-1800]

Time window over which the system samples latency (seconds)

Core

interval (integer)

5

[0-3600]

Poll interval (seconds)

Core, Next

monitorType (string)

None

None

Specifies the type of monitor

Core, Next

receive (string)

None

None

Mark node up upon receipt of this (backquote-expanded) string

Core, Next

receiveDown (string)

None

None

Mark node down upon receipt of this (backquote-expanded) string (optional; must be empty when ‘reverse’ is true)

Core, Next

send (string)

None

None

Send this (backquote-expanded) string to query node

Core, Next

timeout (integer)

16

[0-900]

Time limit for node to respond (seconds)

Core, Next

Monitor

Monitor definition

Name

Default

Values

Description

Supported On

Monitor (string | object)

None

http, https, http2, inband, icmp, tcp | None

Monitor definition

Core, Next

Multiplex_Profile

Multiplex (OneConnect) profile with configurable options

Name

Default

Values

Description

Supported On

class (string)

Multiplex_Profile

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

sourceMask (string)

None

None

Idle connection re-use applies to connections whose source address matches this mask

Core, Next

Property_Always_Set

If true, set cookie with every HTTP response (default false)

Name

Default

Values

Description

Supported On

Property_Always_Set (boolean)

None

true, false

If true, set cookie with every HTTP response (default false)

Core, Next

Property_Duration

Lifetime of persistence record (seconds, default 0 means indefinite)

Name

Default

Values

Description

Supported On

Property_Duration (integer)

None

[0-604800]

Lifetime of persistence record (seconds, default 0 means indefinite)

Core, Next

Property_Encrypt

If true, prevent disclosure of (or tampering with) ADC info in cookie (default false, to reduce latency)

Name

Default

Values

Description

Supported On

Property_Encrypt (boolean)

None

true, false

If true, prevent disclosure of (or tampering with) ADC info in cookie (default false, to reduce latency)

Core, Next

Property_Ttl

Requested cookie lifetime (seconds, default 0 means session cookie)

Name

Default

Values

Description

Supported On

Property_Ttl (integer)

None

[0-604800]

Requested cookie lifetime (seconds, default 0 means session cookie)

Core, Next

Property_Match_Across_Pools

Specifies that the system can use any pool that contains this persistence record

Name

Default

Values

Description

Supported On

Property_Match_Across_Pools (boolean)

None

true, false

Specifies that the system can use any pool that contains this persistence record

Core, Next

Property_Match_Across_Virtual_Addresses

Specifies that all persistent connections from the same client IP address go to the same node

Name

Default

Values

Description

Supported On

Property_Match_Across_Virtual_Addresses (boolean)

None

true, false

Specifies that all persistent connections from the same client IP address go to the same node

Core, Next

Property_Match_Across_Virtual_Ports

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

Name

Default

Values

Description

Supported On

Property_Match_Across_Virtual_Ports (boolean)

None

true, false

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

Core, Next

Property_Persistence_Method

You may customize each basic persistence method

Name

Default

Values

Description

Supported On

Property_Persistence_Method (string)

None

None

You may customize each basic persistence method

Core, Next

Persist_Addr

Configures an address affinity persistence profile

Name

Default

Values

Description

Supported On

class (string)

Persist

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

duration (object)

None

See “Property_Duration”

Lifetime of persistence record (seconds, default 0 means indefinite)

Core, Next

matchAcrossPools (object)

None

See “Property_Match_Across_Pools”

Specifies that the system can use any pool that contains this persistence record

Core, Next

matchAcrossVirtualAddresses (object)

None

See “Property_Match_Across_Virtual_Addresses”

Specifies that all persistent connections from the same client IP address go to the same node

Core, Next

matchAcrossVirtualPorts (object)

None

See “Property_Match_Across_Virtual_Ports”

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

Core, Next

persistenceMethod (object)

None

See “Property_Persistence_Method”

You may customize each basic persistence method

Core, Next

Persist_TLS_Session

Configures an address affinity persistence profile

Name

Default

Values

Description

Supported On

class (string)

Persist

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

duration (object)

None

See “Property_Duration”

Lifetime of persistence record (seconds, default 0 means indefinite)

Core, Next

matchAcrossPools (object)

None

See “Property_Match_Across_Pools”

Specifies that the system can use any pool that contains this persistence record

Core, Next

matchAcrossVirtualAddresses (object)

None

See “Property_Match_Across_Virtual_Addresses”

Specifies that all persistent connections from the same client IP address go to the same node

Core, Next

matchAcrossVirtualPorts (object)

None

See “Property_Match_Across_Virtual_Ports”

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

Core, Next

persistenceMethod (object)

None

See “Property_Persistence_Method”

You may customize each basic persistence method

Core, Next

Persist_UIE

Configures a universal persistence profile

Name

Default

Values

Description

Supported On

class (string)

Persist

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

duration (object)

None

See “Property_Duration”

Lifetime of persistence record (seconds, default 0 means indefinite)

Core, Next

matchAcrossPools (object)

None

See “Property_Match_Across_Pools”

Specifies that the system can use any pool that contains this persistence record

Core, Next

matchAcrossVirtualAddresses (object)

None

See “Property_Match_Across_Virtual_Addresses”

Specifies that all persistent connections from the same client IP address go to the same node

Core, Next

matchAcrossVirtualPorts (object)

None

See “Property_Match_Across_Virtual_Ports”

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

Core, Next

persistenceMethod (object)

None

See “Property_Persistence_Method”

You may customize each basic persistence method

Core, Next

Persist

Declares persistence settings

Name

Default

Values

Description

Supported On

Persist (object | object | object | object | object | object | object)

None

None | None | None | None | None | None | None

Declares persistence settings

Core, Next

Pool

Declares a service pool

Name

Default

Values

Description

Supported On

class (string)

Pool

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

loadBalancingMode (string)

round-robin

fastest-app-response, least-connections-member, predictive-member, ratio-least-connections-member, ratio-session, round-robin, weighted-round-robin

Load-balancing mode

Core, Next

monitors (array)

None

None

None

Core, Next

members (array)

None

None

None

Core, Next

Pool_Member

Declares a service pool member

Name

Default

Values

Description

Supported On

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

addressDiscovery (string)

None

None

Selects how server (node) addresses are discovered

Core, Next

priorityGroup (integer)

None

[0-65535]

None

Core, Next

ratio (integer)

None

[0-100]

Specifies the weight of the pool member for load balancing purposes

Core, Next

servicePort (integer)

None

[0-65535]

None

Core, Next

serverAddresses (array)

None

None

Static IP addresses of servers (nodes)

Core, Next

servers (array)

None

None

Same as serverAddresses, but allowing for further specification of each node

Core, Next

shareNodes (boolean)

None

true, false

If enabled, nodes are created in /Common instead of the tenant’s partition

Core, Next

weight (integer)

None

[1-65535]

Specifies the weight for load balancing with weight-based load balancing methods

Next

Service_HTTP

HTTP virtual server

Name

Default

Values

Description

Supported On

class (string)

Service_HTTP

None

None

Core, Next

persistenceMethods (object)

cookie

See “Pointer_Profile_Persistence”

Reference for Profile persistance

Core, Next

clientTLS (object)

None

None

None

Core, Next

enable (boolean)

true

true, false

None

Core, Next

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

Core, Next

inspectionServices (array)

None

None

None

Next

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

Core, Next

profileAnalytics (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

profileAnalyticsTcp (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

profileHTTP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

Core, Next

profileHTTP2 (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

Core, Next

profileHTTPCompression (object)

None

See “Pointer_Profile_Standard_Plus_Template”

Reference for a standard profile with template

Core, Next

profileHTTPAcceleration (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

profileMultiplex (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

Core, Next

serverTLS (object)

None

See “Pointer_String”

Reference that is a string

Core, Next

snat (object)

auto

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

Core, Next

tap (object)

None

See “Pointer_Use”

Reference for use property

Core, Next

iRules (object)

None

See “Pointer_IRules”

List of iRule references

Core, Next

policyWAF (object)

None

None

None

Core, Next

policyIAM (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

Core, Next

policyPerRequestAccess (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

Core, Next

pool (object)

None

See “Pointer_Use_Or_String”

Reference for use property or string

Core, Next

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

Core, Next

virtualPort (object)

80

See “Virtual_Port”

Virtual port

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

Service_HTTPS

HTTPS virtual server

Name

Default

Values

Description

Supported On

class (string)

Service_HTTPS

None

None

Core, Next

clientTLS (object)

None

None

None

Core, Next

enable (boolean)

true

true, false

None

Core, Next

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

Core, Next

inspectionServices (array)

None

None

None

Next

profileBotDefense (array)

None

None

Attaches a Bot Defense profile to the service

Core, Next

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

Core, Next

persistenceMethods (object)

cookie

See “Pointer_Profile_Persistence”

Reference for Profile persistance

Core, Next

profileAnalytics (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

profileAnalyticsTcp (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

profileHTTP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

Core, Next

profileHTTP2 (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

Core, Next

profileHTTPCompression (object)

None

See “Pointer_Profile_Standard_Plus_Template”

Reference for a standard profile with template

Core, Next

profileHTTPAcceleration (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

profileMultiplex (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

Core, Next

redirect80 (boolean)

None

true, false

None

Core, Next

serverTLS (object)

None

See “Pointer_String”

Reference that is a string

Core, Next

snat (object)

auto

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

Core, Next

tap (object)

None

See “Pointer_Use”

Reference for use property

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

iRules (object)

None

See “Pointer_IRules”

List of iRule references

Core, Next

policyWAF (object)

None

None

None

Core, Next

policyIAM (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

Core, Next

policyPerRequestAccess (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

Core, Next

pool (object)

None

See “Pointer_Use_Or_String”

Reference for use property or string

Core, Next

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

Core, Next

virtualPort (object)

443

See “Virtual_Port”

Virtual port

Core, Next

Service_L4

Fast L4 virtual server

Name

Default

Values

Description

Supported On

class (string)

Service_L4

None

None

Core, Next

enable (boolean)

true

true, false

Enables property function

Core, Next

profileL4 (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

Core, Next

virtualPort (object)

80

See “Virtual_Port”

Virtual port

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

Core, Next

profileBotDefense (array)

None

None

Attaches a Bot Defense profile to the service

Core, Next

persistenceMethods (object)

source-address

See “Pointer_Profile_Persistence”

Reference for Profile persistance

Core, Next

snat (object)

auto

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

Core, Next

iRules (object)

None

See “Pointer_IRules”

List of iRule references

Core, Next

policyWAF (object)

None

None

None

Core, Next

policyIAM (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

Core, Next

policyPerRequestAccess (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

Core, Next

pool (object)

None

See “Pointer_Use_Or_String”

Reference for use property or string

Core, Next

Service_Pool

Pool Service

Name

Default

Values

Description

Supported On

class (string)

Service_Pool

None

None

Next

label (object)

None

See “Label”

Optional friendly name for this object

Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Next

pool (object)

None

See “Pointer_Use_Or_String”

Reference for use property or string

Next

Service_TCP

TCP virtual server

Name

Default

Values

Description

Supported On

class (string)

Service_TCP

None

None

Core, Next

enable (boolean)

true

true, false

None

Core, Next

clientTLS (object)

None

None

None

Core, Next

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

Core, Next

persistenceMethods (object)

source-address

See “Pointer_Profile_Persistence”

Reference for Profile persistance

Core, Next

profileAnalyticsTcp (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

iRules (object)

None

See “Pointer_IRules”

List of iRule references

Core, Next

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

Core, Next

inspectionServices (array)

None

None

None

Next

policyWAF (object)

None

None

None

Core, Next

policyIAM (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

Core, Next

policyPerRequestAccess (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

Core, Next

pool (object)

None

See “Pointer_Use_Or_String”

Reference for use property or string

Core, Next

snat (object)

auto

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

Core, Next

tap (object)

None

See “Pointer_Use”

Reference for use property

Core, Next

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

Core, Next

virtualPort (object)

80

See “Virtual_Port”

Virtual port

Core, Next

serverTLS (object)

None

See “Pointer_String”

Reference that is a string

Core, Next

Service_UDP

UDP virtual server

Name

Default

Values

Description

Supported On

class (string)

Service_UDP

None

None

Core, Next

enable (boolean)

true

true, false

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

Core, Next

persistenceMethods (object)

source-address

See “Pointer_Profile_Persistence”

Reference for Profile persistance

Core, Next

profileUDP (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

Core, Next

profileBotDefense (array)

None

None

None

Core, Next

iRules (object)

None

See “Pointer_IRules”

List of iRule references

Core, Next

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

Core, Next

inspectionServices (array)

None

None

None

Next

policyWAF (object)

None

None

None

Core, Next

policyIAM (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

Core, Next

policyPerRequestAccess (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

Core, Next

pool (object)

None

See “Pointer_Use_Or_String”

Reference for use property or string

Core, Next

snat (object)

auto

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

Core, Next

tap (object)

None

See “Pointer_Use”

Reference for use property

Core, Next

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

Core, Next

virtualPort (object)

80

See “Virtual_Port”

Virtual port

Core, Next

SNAT_Pool

SNAT pool

Name

Default

Values

Description

Supported On

class (string)

SNAT_Pool

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

snatAddresses (array)

None

None

List of SNAT addresses– may include both IPv4 and IPv6

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

TCP_Profile

TCP Profile

Name

Default

Values

Description

Supported On

class (string)

TCP_Profile

None

None

Core, Next

idleTimeout (integer)

None

None

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

Core, Next

proxyBufferHigh (integer)

262144

[64-33554432]

The system closes the receive window when the number of octets in proxy buffer rises above this value

Core, Next

proxyBufferLow (integer)

196608

[64-33554432]

The system opens the receive window when the number of octets in proxy buffer falls below this value

Core, Next

sendBufferSize (integer)

262144

[64-33554432]

Maximum size of send buffer

Core, Next

template (string)

None

lan, wan, mobile, normal

None

Next

TLS_Client

TLS Client Profile

Name

Default

Values

Description

Supported On

class (string)

TLS_Client

None

None

Core, Next

ciphers (string)

None

None

Ciphersuite selection string. ciphers and cipherGroup are mutually exclusive, only use one.

Core, Next

tls1_1Enabled (boolean)

true

true, false

Allow TLS 1.1 Ciphers.

Core, Next

tls1_2Enabled (boolean)

true

true, false

Allow TLS 1.2 Ciphers.

Core, Next

tls1_3Enabled (boolean)

true

true, false

Allow TLS 1.3 Ciphers.

Core, Next

trustCA (object,string)

None

None

CA’s trusted to validate server certificate; ‘generic’ (default) or else BIG-IP AS3 pointer to declaration of CA Bundle

Core, Next

TLS_Server

TLS Server Profile

Name

Default

Values

Description

Supported On

authenticationTrustCA (object)

None

None

Pointer to CA Bundle used to validate client certificates

Next

class (string)

TLS_Server

None

None

Core, Next

certificates (array)

None

None

Primary and (optional) additional certificates (order is significant, element 0 is primary cert)

Core, Next

ciphers (string)

None

None

Ciphersuite selection string. ciphers and cipherGroup are mutually exclusive, only use one.

Core, Next

enableAuthentication (boolean)

None

true, false

Enables authentication

Next

tls1_1Enabled (boolean)

true

true, false

Allow TLS 1.1 Ciphers.

Core, Next

tls1_2Enabled (boolean)

true

true, false

Allow TLS 1.2 Ciphers.

Core, Next

tls1_3Enabled (boolean)

true

true, false

Allow TLS 1.3 Ciphers.

Core, Next

UDP_Profile

Configures a User Datagram Protocol (UDP) profile

Name

Default

Values

Description

Supported On

class (string)

UDP_Profile

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

allowNoPayload (boolean)

None

true, false

When true, forward UDP datagrams with empty payloads (default false)

Core

bufferMaxBytes (integer)

655350

[65535-16777215]

Limit to number of octets which the system may buffer for a UDP flow (default 655350)

Core

bufferMaxPackets (integer)

None

[0-255]

Limit to number of packets which the system may buffer for a UDP flow (default 0)

Core

datagramLoadBalancing (boolean)

None

true, false

When true, process UDP datagrams independently, without recognizing flows (default false)

Core, Next

idleTimeout (integer)

60

[-1-86400]

Number of seconds (default 60) flow may remain idle before it becomes eligible for deletion. Value 0 allows system to recover per-flow resources whenever convenient (always safe with UDP). Value -1 means indefinite (not recommended)

Core, Next

ipDfMode (string)

pmtu

clear, pmtu, preserve, set

Controls DF (Don’t Fragment) flag in outgoing datagrams. Value ‘pmtu’ (default) sets DF based on IP PMTU value. Value ‘preserve’ copies DF from received datagram. Value ‘set’ forces DF true in all outgoing datagrams. Value ‘clear’ forces DF false in all outgoing datagrams

Core

ipTosToClient (object)

None

None

Specifies the IP TOS/DSCP value in packets sent to clients (default 0). Numeric values in this property are decimal representations of eight-bit numbers, of which the leftmost six bits are the DSCP code per rfc2474 (and the rightmost two bits reserved). You may have to calculate the value of this property by multiplying a DSCP code, such as CS5+EF = 46, by four, to obtain the ‘ipTosToClient’ value, such as 184. Value ‘pass-through’ sets DSCP from the initial server-side value. Value ‘mimic’ copies DSCP from the most-recently received server-side packet (allowing DSCP to vary during the life of a connection)

Core

linkQosToClient (object)

None

None

Specifies the Layer-2 QOS value in packets sent to clients (default 0). Ethernet-type networks recognize numeric codes from 0 to 7. Value ‘pass-through’ sets QOS from the initial server-side value

Core

proxyMSS (boolean)

None

true, false

When true, MSS advertised on the server side will match that negotiated with the client, if permitted by MTU and other constraints (default false)

Core

ttlIPv4 (integer)

255

[1-255]

TTL the system sets in outgoing IPv4 datagrams

Core

ttlIPv6 (integer)

64

[1-255]

TTL the system sets in outgoing IPv6 datagrams

Core

ttlMode (string)

proxy

decrement, preserve, proxy, set

Controls IP TTL in outgoing datagrams. Value ‘set’ forces TTL to value of property ‘ttlIPv4’ or ‘ttlIPv6’ as appropriate. Value ‘proxy’ forces TTL to the default value for IPv4 or IPv6 as appropriate. Value ‘preserve’ copies TTL from received datagram. Value ‘decrement’ sets TTL to one less than received datagram’s TTL

Core

useChecksum (boolean)

None

true, false

When true, system will validate UDP checksums for IPv4 datagrams (default false). Checksums are always validated for IPv6

Core

WAF_Policy

Configures a WAF policy

Name

Default

Values

Description

Supported On

class (string)

WAF_Policy

None

None

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

file (string)

None

None

None

Core, Next

ignoreChanges (boolean)

None

true, false

If false (default), the system updates the policy in every BIG-IP AS3 declaration deployment. If true, BIG-IP AS3 creates the policy on first deployment, and leaves it untouched afterwards

Core, Next

enforcementMode (string)

None

blocking, transparent

Overrides the enforcement mode setting of the WAF policy

Core, Next

policy (object)

None

See “F5_String”

The value can be either a string, text property, base64 property, url property, etc.

Core, Next

WebSocket_Profile

WebSocket profile with configurable options

Name

Default

Values

Description

Supported On

WebSocket_Profile (object)

None

None

WebSocket profile with configurable options

Core

Bearer_Token

Describes using a bearer token to access a resource

Name

Default

Values

Description

Supported On

method (string)

bearer-token

None

Specifies the authentication method

Core

token (object)

None

None

Specifies the bearer token

Core

F5_String

The value can be either a string, text property, base64 property, url property, etc.

Name

Default

Values

Description

Supported On

F5_String (string | object)

None

None | None

The value can be either a string, text property, base64 property, url property, etc.

Core, Next

IP_Address

IP address (v4 or v6)

Name

Default

Values

Description

Supported On

IP_Address (object | object)

None

See “IPv4_Address” | See “IPv6_Address”

IP address (v4 or v6)

Core, Next

IPv4_Address

IPv4 Address

Name

Default

Values

Description

Supported On

IPv4_Address (string)

None

None

IPv4 Address

Core, Next

IPv6_Address

IPv6 Address

Name

Default

Values

Description

Supported On

IPv6_Address (string)

None

None

IPv6 Address

Core, Next

JWE

A value in a cryptogram which is a Flattened JWE JSON Serialization object. If ‘miniJWE’ is true then enc=(none|f5sv) only (in JOSE header)

Name

Default

Values

Description

Supported On

ciphertext (string)

None

None

Put base64url(data_value) here

Core, Next

ignoreChanges (boolean)

None

true, false

If false (default), the system updates the ciphertext in every BIG-IP AS3 declaration deployment. If true, BIG-IP AS3 creates the ciphertext on first deployment, and leaves it untouched afterwards

Core

miniJWE (boolean)

true

true, false

If true (default), object is an f5 mini-JWE

Core

protected (string)

eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0

None

JOSE header: alg=dir, enc=(none|f5sv); default enc=none (encoded default is ‘protected’=’eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0’, use with secret simply base64 url-encoded into ‘ciphertext’). If you see ‘protected’=’eyJhbGciOiJkaXIiLCJlbmMiOiJmNXN2In0’, ‘ciphertext’ contains base64url-encoded SecureVault cryptogram

Core, Next

Label

Optional friendly name for this object

Name

Default

Values

Description

Supported On

Label (string)

None

None

Optional friendly name for this object

Core, Next

Mirroring

Controls connection-mirroring for high-availability

Name

Default

Values

Description

Supported On

Mirroring (string)

None

none, L4

Controls connection-mirroring for high-availability

Core, Next

Pointer_HTTP_Acceleration_Profile

Reference to a HTTP Acceleration Profile

Name

Default

Values

Description

Supported On

Pointer_HTTP_Acceleration_Profile (object)

None

None

Reference to a HTTP Acceleration Profile

Core

Pointer_HTTP_Profile

Reference to a HTTP Profile

Name

Default

Values

Description

Supported On

Pointer_HTTP_Profile (object | object)

None

See “Pointer_BIGIP_Or_Use” | None

Reference to a HTTP Profile

Core

Pointer_IRules

List of iRule references

Name

Default

Values

Description

Supported On

Pointer_IRules (array)

None

None

List of iRule references

Core, Next

Pointer_L4_Profile

Reference to a fast L4 profile

Name

Default

Values

Description

Supported On

Pointer_L4_Profile (object | object)

None

See “Pointer_BIGIP_Or_Use” | None

Reference to a fast L4 profile

Core

Pointer_Log_Destination

Reference to a log destination

Name

Default

Values

Description

Supported On

Pointer_Log_Destination (object | object)

None

See “Pointer_BIGIP_Or_Use” | None

Reference to a log destination

Core

Pointer_Log_Publisher

Reference to a log publisher

Name

Default

Values

Description

Supported On

Pointer_Log_Publisher (object | object)

None

See “Pointer_BIGIP_Or_Use” | None

Reference to a log publisher

Core

Pointer_Pool

Reference to a pool

Name

Default

Values

Description

Supported On

Pointer_Pool (object | object)

None

See “Pointer_BIGIP_Or_Use” | None

Reference to a pool

Core

Pointer_Profile_Ingress_Egress

Reference use, ingress, and egress on profile

Name

Default

Values

Description

Supported On

use (string)

None

None

None

Core, Next

ingress (object)

None

See “Pointer_Use_Or_String”

Reference for use property or string

Core, Next

egress (object)

None

See “Pointer_Use_Or_String”

Reference for use property or string

Core, Next

Pointer_Profile_Standard

Reference for a standard profile

Name

Default

Values

Description

Supported On

Pointer_Profile_Standard (object)

None

See “Pointer_Use”

Reference for a standard profile

Core, Next

Pointer_Profile_Standard_Plus_Template

Reference for a standard profile with template

Name

Default

Values

Description

Supported On

Pointer_Profile_Standard_Plus_Template (object)

None

None

Reference for a standard profile with template

Core, Next

Pointer_BIGIP

Reference for a BIG-IP object

Name

Default

Values

Description

Supported On

bigip (string)

None

None

Path to BIG-IP object

Core, Next

Pointer_F5_String_Or_BIGIP

Reference for a property or BIG-IP object

Name

Default

Values

Description

Supported On

Pointer_F5_String_Or_BIGIP (object)

None

None

Reference for a property or BIG-IP object

Core, Next

Pointer_BIGIP_Or_Use

Reference for a BIG-IP or Use object

Name

Default

Values

Description

Supported On

Pointer_BIGIP_Or_Use (object)

None

None

Reference for a BIG-IP or Use object

Core, Next

Pointer_CA_Bundle

Reference to a Ca Bundle

Name

Default

Values

Description

Supported On

bigip (string)

None

None

Pathname of existing BIG-IP Ca Bundle

Core, Next

use (string)

None

None

BIG-IP AS3 pointer to Ca Bundle declaration

Core, Next

Pointer_Certificate_Validator_OCSP

Reference to a OCSP Cert Validator

Name

Default

Values

Description

Supported On

Pointer_Certificate_Validator_OCSP (object)

None

None

Reference to a OCSP Cert Validator

Core, Next

Pointer_Copy_From

pointer to declaration object/property from which to copy value

Name

Default

Values

Description

Supported On

Pointer_Copy_From (string)

None

None

pointer to declaration object/property from which to copy value

Core

Pointer_Data_Group_File

Reference to a Data Group File

Name

Default

Values

Description

Supported On

bigip (string)

None

None

Pathname of existing BIG-IP Data Group File

Core

Pointer_DNS_Resolver

Reference to a DNS resolver

Name

Default

Values

Description

Supported On

Pointer_DNS_Resolver (object)

None

None

Reference to a DNS resolver

Core

Pointer_Profile_Persistence

Reference for Profile persistance

Name

Default

Values

Description

Supported On

Pointer_Profile_Persistence (array)

None

None

Reference for Profile persistance

Core, Next

Pointer_SNAT

Reference for SNAT pointer (includes string and snat pool)

Name

Default

Values

Description

Supported On

Pointer_SNAT (object)

None

None

Reference for SNAT pointer (includes string and snat pool)

Core, Next

Pointer_SSL_Certificate

Reference to a SSL certificate

Name

Default

Values

Description

Supported On

Pointer_SSL_Certificate (object)

None

None

Reference to a SSL certificate

Core

Pointer_Use

Reference for use property

Name

Default

Values

Description

Supported On

use (string)

None

None

Path to object in declaration

Core, Next

Pointer_Use_Or_String

Reference for use property or string

Name

Default

Values

Description

Supported On

Pointer_Use_Or_String (object)

None

None

Reference for use property or string

Core, Next

Pointer_String

Reference that is a string

Name

Default

Values

Description

Supported On

Pointer_String (string)

None

None

Reference that is a string

Core, Next

Pointer_WebSocket_Profile

Reference to a WebSocket Profile

Name

Default

Values

Description

Supported On

Pointer_WebSocket_Profile (object)

None

None

Reference to a WebSocket Profile

Core

Property_Base64

A Base64-encoded value (base64 property)

Name

Default

Values

Description

Supported On

Property_Base64 (object)

None

See “Resource_Base64”

A Base64-encoded value (base64 property)

Core, Next

Property_Passphrase

A passphrase (passphrase property)

Name

Default

Values

Description

Supported On

Property_Passphrase (object)

None

See “Secret”

A passphrase (passphrase property)

Core, Next

Property_Text

A text value (text property)

Name

Default

Values

Description

Supported On

Property_Text (object)

None

See “Resource_Text”

A text value (text property)

Core, Next

Remark

Arbitrary (brief) text pertaining to this object (optional)

Name

Default

Values

Description

Supported On

Remark (string)

None

None

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

Resource_Base64

A Base64-encoded value

Name

Default

Values

Description

Supported On

Resource_Base64 (string)

None

None

A Base64-encoded value

Core, Next

Resource_Text

UTF-8 text (in JSON string)

Name

Default

Values

Description

Supported On

Resource_Text (string)

None

None

UTF-8 text (in JSON string)

Core, Next

Resource_URL

The URL for a required resource

Name

Default

Values

Description

Supported On

Resource_URL (string | object)

None

None | None

The URL for a required resource

Core, Next

Secret

A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

Name

Default

Values

Description

Supported On

Secret (string | object)

None

None | None

A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

Core, Next

Secret_Resource_URL

Describes the URL to remote resource and optional parameters

Name

Default

Values

Description

Supported On

Secret_Resource_URL (string | object)

None

None | None

Describes the URL to remote resource and optional parameters

Core

Virtual_Addresses

Virtual addresses array

Name

Default

Values

Description

Supported On

Virtual_Addresses (array)

None

None

Virtual addresses array

Core, Next

Virtual_Port

Virtual port

Name

Default

Values

Description

Supported On

Virtual_Port (integer | array)

None

None | None

Virtual port

Core, Next

Basic_Auth

Describes the basic authentication to access a resource

Name

Default

Values

Description

Supported On

method (string)

None

basic

Specifies the authentication method

Core, Next

username (string)

None

None

Specifies the user name for authentication

Core, Next

passphrase (object)

None

None

Specifies the password for authentication

Core, Next

Application

Declares an Application

Name

Default

Values

Description

Supported On

class (string)

Application

None

None

Core, Next

template (string)

None

None

This is a deprecated property found in older BIG-IP AS3 declarations and it will be ignored

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

constants (object)

None

See “Constants”

Named values for (re-)use by declaration objects

Core, Next

Application_Objects

Application objects definition

Name

Default

Values

Description

Supported On

Application_Objects (object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object)

None

None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None

Application objects definition

Core, Next

Property_Names

Property names

Name

Default

Values

Description

Supported On

Property_Names (object)

None

None

Property names

Core, Next

Tenant

Declares a Tenant

Name

Default

Values

Description

Supported On

class (string)

Tenant

None

None

Core, Next

controls (object)

None

See “Controls”

Optional controls configuration

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

constants (object)

None

See “Constants”

Named values for (re-)use by declaration objects

Core, Next

ADC

Indicates this document is an ADC declaration

Name

Default

Values

Description

Supported On

class (string)

ADC

None

Indicates this document is an ADC declaration

Core, Next

schemaVersion (string)

None

3.46.0, 3.45.0, 3.44.0, 3.43.0, 3.42.0, 3.41.0, 3.40.0, 3.39.0, 3.38.0, 3.37.0, 3.36.0, 3.35.0, 3.34.0, 3.33.0, 3.32.0, 3.31.0, 3.30.0, 3.29.0, 3.28.0, 3.27.0, 3.26.0, 3.25.0, 3.24.0, 3.23.0, 3.22.0, 3.21.0, 3.20.0, 3.19.0, 3.18.0, 3.17.0, 3.16.0, 3.15.0, 3.14.0, 3.13.0, 3.12.0, 3.11.0, 3.10.0, 3.9.0, 3.8.1, 3.7.1, 3.6.0, 3.5.2, 3.5.1, 3.4.0, 3.3.0, 3.2.0, 3.1.0, 3.0.0

Version of ADC Declaration schema this declaration uses

Core, Next

id (string)

None

None

Unique identifier for this declaration (max 255 printable chars with no spaces, quotation marks, angle brackets, nor backslashes)

Core, Next

controls (object)

None

See “Controls”

Optional controls configuration

Core, Next

label (object)

None

See “Label”

Optional friendly name for this object

Core, Next

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional)

Core, Next

constants (object)

None

See “Constants”

Named values for (re-)use by declaration objects

Core, Next

AS3

BIG-IP AS3 class definition

Name

Default

Values

Description

Supported On

class (string)

AS3

None

Indicates this document is an BIG-IP AS3 declaration

Core, Next

$schema (string)

None

None

URL of schema against which to validate. Used by validation in your local environment only (via Visual Studio Code, for example)

Core, Next

id (string)

None

None

Unique identifier for this declaration (max 255 printable chars with no spaces, quotation marks, angle brackets, nor backslashes)

Core, Next

action (string)

None

deploy, dry-run

Specifies the action to the performed on the ADC declaration

Core, Next

declaration (object)

None

See “ADC”

Indicates this document is an ADC declaration

Core, Next