Schema Reference

This page is a reference for the objects you can use in your Declarations for AS3 on BIG-IP Next. For more information on BIG-IP objects and terminology, see the BIG-IP documentation at https://support.f5.com/csp/home.

ADC

Indicates this document is an ADC declaration

Name

Default

Values

Description

class (string)

ADC

None

Indicates this document is an ADC declaration

schemaVersion (string)

None

None

Version of ADC Declaration schema this declaration uses

id (string)

None

None

Unique identifier for this declaration (max 255 printable chars with no spaces, quotation marks, angle brackets, nor backslashes)

controls (object)

None

See “Controls”

Optional controls configuration

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

constants (object)

None

See “Constants”

Named values for (re-)use by declaration objects

Analytics_Profile

HTTP Analytics profile with configurable options

Name

Default

Values

Description

class (string)

Analytics_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

collectGeo (boolean)

None

true, false

Specifies that the system collects statistics of the names of the countries from which that traffic was sent

collectClientSideStatistics (boolean)

None

true, false

Specifies that the system collects statistics regarding the HTTP request and response times

collectUrl (boolean)

None

true, false

Specifies that the system collects statistics of requested URLs

collectIp (boolean)

None

true, false

Specifies that the system collects statistics of the IP addresses of where the traffic came from

collectDestinationIpGeo (boolean)

None

true, false

Specifies that the system collects statistics of the destination IP addresses

collectSubnet (boolean)

None

true, false

Specifies that the system collects statistics of client subnets

collectUserAgent (boolean)

None

true, false

Specifies that the system collects statistics about browsers used to send traffic

collectOsAndBrowser (boolean)

true

true, false

Specifies that the system collects statistics about the OSs and browsers used to send requests

collectResponseCode (boolean)

true

true, false

Specifies that the system collects statistics about the distribution of HTTP response codes returned by the servers

collectMethod (boolean)

true

true, false

Specifies that the system collects statistics about the distribution of HTTP methods found in requests

collectMaxTpsAndThroughput (boolean)

None

true, false

Specifies that the system collects statistics for the maximum number of transactions per second, and the maximum amount of traffic moving through the system, both request and response throughput values

collectPageLoadTime (boolean)

None

true, false

Specifies that the system collects statistics of the round-trip latency between client end-users and the servers

collectUserSession (boolean)

None

true, false

Specifies that the system collects statistics of the number of unique user sessions in the application traffic, as determined by the value of the configured HTTP cookies found in the requests

sampling (boolean)

None

true, false

None

samplingRatio (integer)

100

[1-10000]

None

sessionCookieSecurity (string)

ssl-only

ssl-only, always-secure, never-secure

Specify whether to secure session cookies

sessionTimeoutMinutes (integer)

5

[5-60]

The number of minutes of user non-activity to allow before the system considers the session to be over

Analytics_TCP_Profile

TCP Analytics profile with configurable options

Name

Default

Values

Description

class (string)

Analytics_TCP_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

collectCity (boolean)

None

true, false

Specifies that the system saves the name of the city with which traffic was exchanged

collectContinent (boolean)

true

true, false

Specifies that the system saves the name of the continent with which traffic was exchanged

collectCountry (boolean)

true

true, false

Specifies that the system saves the name of the country with which traffic was exchanged

collectedByClientSide (boolean)

true

true, false

Specifies that the system collects statistics on the client side

collectedByServerSide (boolean)

true

true, false

Specifies that the system collects statistics on the server side

collectNexthop (boolean)

None

true, false

Specifies that the system saves the address to which the traffic is being routed

collectPostCode (boolean)

None

true, false

Specifies that the system saves the name of the postcode with which traffic was exchanged

collectRegion (boolean)

true

true, false

Specifies that the system saves the name of the region with which traffic was exchanged

collectRemoteHostIp (boolean)

None

true, false

Specifies that the system collects IP addresses with which traffic was exchanged

collectRemoteHostSubnet (boolean)

true

true, false

Specifies that the system saves the address of the subnet with which traffic was exchanged

Application

Declares an Application

Name

Default

Values

Description

class (string)

Application

None

None

template (string)

None

None

This is a deprecated property found in older BIG-IP AS3 declarations and it will be ignored

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

constants (object)

None

See “Constants”

Named values for (re-)use by declaration objects

Application_Objects

Application objects definition

Name

Default

Values

Description

Application_Objects (object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object | object)

None

None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None | None

Application objects definition

AS3

BIG-IP AS3 class definition

Name

Default

Values

Description

class (string)

AS3

None

Indicates this document is a BIG-IP AS3 declaration

$schema (string)

None

None

URL of schema against which to validate. Used by validation in your local environment only (via Visual Studio Code, for example)

id (string)

None

None

Unique identifier for this declaration (max 255 printable chars with no spaces, quotation marks, angle brackets, nor backslashes)

action (string)

None

deploy, dry-run

Specifies the action to be performed on the ADC declaration

declaration (object)

None

See “ADC”

Indicates this document is an ADC declaration

Basic_Auth

Describes the basic authentication to access a resource

Name

Default

Values

Description

method (string)

None

basic

Specifies the authentication method

username (string)

None

None

Specifies the user name for authentication

passphrase (object)

None

None

Specifies the password for authentication

Basic_Monitor

Monitor definition

Name

Default

Values

Description

Basic_Monitor (string | object)

None

http, https, http2, icmp, inband, tcp | See “Pointer_Monitor”

Monitor definition

CA_Bundle

Bundle of one or more PKI Certificate-Authority certificates

Name

Default

Values

Description

class (string)

CA_Bundle

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

bundle (object)

None

None

Reference to a CA bundle or string of PEM encoded certificates

Certificate

Configures a Certificate

Name

Default

Values

Description

class (string)

Certificate

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

certificate (object)

None

None

X.509 public-key certificate

privateKey (object)

None

None

Private key matching certificate’s public key (optional)

chainCA (object,string)

None

None

Bundle of one or more CA certificates in trust-chain from root CA to certificate (optional)

passphrase (object)

None

None

If supplied, used to decrypt privateKey at runtime (optional)

Ciphers

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

Name

Default

Values

Description

Ciphers (string)

None

None

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

Constants

Named values for (re-)use by declaration objects

Name

Default

Values

Description

class (string)

Constants

None

None

Controls

Optional controls configuration

Name

Default

Values

Description

class (string)

Controls

None

None

logLevel (string)

None

emergency, alert, critical, error, warning, notice, info, debug

Controls the amount of detail in logs produced while configuring this Tenant (default is whole-declaration Controls/logLevel value)

traceResponse (boolean)

None

true, false

If true, the response will contain the trace files

userAgent (string)

None

None

User Agent information to include in TEEM report

Data_Group

Data group definition with configurable options

Name

Default

Values

Description

class (string)

Data_Group

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

keyDataType (string)

None

integer, ip, string

Specifies the type of record keys the data group contains. If string, the value will be escaped by default

records (array<Data_Group_Records>)

None

None

List of records

Data_Group_Records

A record object to store

Name

Default

Values

Description

key (string)

None

None

The key for referencing the record

value (string)

None

None

Value to store

DTLS_Client

DTLS Client Profile

Name

Default

Values

Description

authenticationTrustCA (object)

None

None

Pointer to the CA Bundle used to validate client certificates

allowExpiredCRL (boolean)

None

true, false

Specifies if the CRL can be used even if it has expired

class (string)

DTLS_Client

None

None

certificates (array<DTLS_Client_Certificates>)

None

None

Primary and (optional) additional certificates (order is significant, element 0 is the primary certificate)

ciphers (string)

DEFAULT

None

Ciphersuite selection string. Ciphers and cipherGroup are mutually exclusive, only use one

enableAuthentication (boolean)

None

true, false

Enables authentication

crlFile (object)

None

See “Pointer_BIGIP”

Specifies the name of a file containing a list of revoked client certificates

dtls1_0Enabled (boolean)

true

true, false

Allow DTLS 1.0 Ciphers

dtls1_2Enabled (boolean)

true

true, false

Allow DTLS 1.2 Ciphers

DTLS_Client_Certificates

DTLS_Client certificates

Name

Default

Values

Description

certificate (string)

None

None

None

DTLS_Server

DTLS Server Profile

Name

Default

Values

Description

authenticationTrustCA (object)

None

None

Pointer to the CA Bundle used to validate client certificates

class (string)

DTLS_Server

None

None

certificates (array<DTLS_Server_Certificates>)

None

None

Primary and (optional) additional certificates (order is significant, element 0 is the primary certificate)

ciphers (string)

DEFAULT

None

Ciphersuite selection string. Ciphers and cipherGroup are mutually exclusive, only use one

enableAuthentication (boolean)

None

true, false

Enables authentication

dtls1_0Enabled (boolean)

true

true, false

Allow DTLS 1.0 Ciphers

dtls1_2Enabled (boolean)

true

true, false

Allow DTLS 1.2 Ciphers

DTLS_Server_Certificates

DTLS_Server certificates

Name

Default

Values

Description

certificate (string)

None

None

None

F5_String

The value can be either a string, text property, base64 property, url property, etc.

Name

Default

Values

Description

F5_String (string | object)

None

None | None

The value can be either a string, text property, base64 property, url property, etc.

HTTP_Acceleration_Profile

HTTP acceleration profile with configurable options

Name

Default

Values

Description

class (string)

HTTP_Acceleration_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

agingRate (integer)

9

[0-10]

Rate at which a cache entry ages

cacheSize (integer)

100

[1-65536]

The maximum size (in megabytes) for the cache.

ignoreHeaders (string)

all

none, max-age, all

Which cache disabling headers will be ignored by the system

insertAgeHeaderEnabled (boolean)

true

true, false

Age and date headers are inserted into the response when enabled

maximumAge (integer)

3600

[0-4294967295]

How long (in seconds) the system will consider the cached content valid

maximumEntries (integer)

10000

[1-4294967295]

The maximum number of entries that can reside in the cache

maximumObjectSize (integer)

50000

[0-4294967295]

The largest object (in bytes) that the system will cache

minimumObjectSize (integer)

500

[0-4294967295]

The smallest object (in bytes) that the system will cache

uriExcludeList (array<string>)

None

None

A list of URIs that will be excluded from the cache

uriIncludeList (array<string>)

None

None

A list of URIs that will be cacheable

uriIncludeOverrideList (array<string>)

None

None

A list of URIs that should be cached even though they may normally not be due to existing constraints

uriPinnedList (array<string>)

None

None

A list of URIs that are kept in the cache regardless of maxAge or expiry settings

HTTP_Compress

HTTP Compression profile with configurable options

Name

Default

Values

Description

class (string)

HTTP_Compress

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

allowHTTP10 (boolean)

None

true, false

Specifies whether to forward HTTP 1.0 requests/responses (default false)

bufferSize (integer)

4096

[256-4294967295]

Maximum number of response octets to buffer before deciding whether to apply compression (default 4096)

contentTypeExcludes (array<string>)

None

None

List of response Content-Type values which BIG-IP AS3 should not compress. Values are regular expressions that match Content-Type strings

contentTypeIncludes (array<string>)

None

None

List of response Content-Type values which BIG-IP AS3 should compress. Values are regular expressions that match Content-Type strings

gzipLevel (integer)

1

[1-9]

Compression level (default 1); higher values produce greater compression but use more CPU cycles

gzipMemory (integer)

8

[1-256]

Compression memory allocation in kilobytes (default 8), should be a power of two

gzipWindowSize (integer)

16

[1-128]

Compression window size in kilobytes (default 16), should be a power of two

keepAcceptEncoding (boolean)

None

true, false

Specifies that the system does not remove the Accept-Encoding header from an HTTP request (default false)

uriExcludes (array<string>)

None

None

List of request URIs for which BIG-IP AS3 should not compress responses. Values are regular expressions that match request URI strings

uriIncludes (array<string>)

None

None

List of request URIs for which BIG-IP AS3 should compress responses. Values are regular expressions that match URI strings

HTTP_Profile

HTTP profile with configurable options

Name

Default

Values

Description

class (string)

HTTP_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

cookiePassphrase (string)

None

None

Used to create secret key for cookie encryption (when missing, BIG-IP AS3 uses a system-generated key)

encryptCookies (array<string>)

None

None

List of cookies to encrypt en route to the client and decrypt en route to a pool member

fallbackRedirect (string)

None

Pattern: ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?

Domain name (or IP address) of service (if any) to which BIG-IP AS3 should redirect a request when no pool member is responsive or selected pool member returns a fallbackStatusCode

requestChunking (string)

preserve

selective, preserve, rechunk, sustain

Controls handling of HTTP payload chunking in requests from clients (default is ‘preserve’). Note: ‘selective’ and ‘preserve’ will be translated to ‘sustain’.

responseChunking (string)

selective

selective, preserve, unchunk, rechunk, sustain

Controls handling of HTTP payload chunking in responses from pool members (default ‘selective’ adapts to most situations). Note: ‘selective’ and ‘preserve’ will be translated to ‘sustain’.

rewriteRedirects (string)

none

none, all, matching, addresses, nodes

In selected Location-header values (default none) of redirect responses from pool members, change protocol HTTP to HTTPS before passing redirects to clients

insertHeader (object)

None

None

You may insert one header into each request before BIG-IP AS3 sends it to a pool member. The header value may be a simple string or the result of an iRules TCL expression (for example, [IP::client_addr]). This is the most efficient way to insert a single header; to insert multiple headers use an iRule or an Endpoint policy

whiteOutHeader (string)

None

Pattern: [\x21-\x7E]+

You may name one request header you want whited-out of each request before BIG-IP AS3 sends it to a pool member. To remove more than a single named header, use an iRule or an Endpoint policy. (Whiting-out a header leaves its name but replaces its value in the request with space characters (ASCII 0x20) to avoid changing the length of the headers.)

xForwardedFor (boolean)

true

true, false

If true, insert an X-Forwarded-For header carrying the client IP address into each HTTP request sent to a pool member (default true)

serverHeaderValue (string)

BigIP

Pattern: [\x20-\x7E\x80-\xff\x09]+

Server header value to place in responses generated by the ADC itself (not obtained from a pool member)

HTTP2_Profile

Profile to enable HTTP2

Name

Default

Values

Description

class (string)

HTTP2_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

activationMode (string)

alpn

alpn, always

This setting specifies the condition that will cause the BIG-IP system to handle an incoming connection as an HTTP/2 connection.

concurrentStreamsPerConnection (integer)

10

[1-256]

The number of concurrent connections to allow on a single HTTP/2 connection.

enforceTlsRequirements (boolean)

true

true, false

Enable or disable enforcement of TLS requirements.

insertHeader (boolean)

None

true, false

This setting specifies whether the BIG-IP system should add an HTTP header to the HTTP request to show that the request was received over HTTP/2.

insertHeaderName (string)

X-HTTP2

None

This setting specifies the name of the header that the BIG-IP system will add to the HTTP request when the Insert Header is enabled.

IP_Address

IP address (v4 or v6)

Name

Default

Values

Description

IP_Address (object | object)

None

See “IPv4_Address” | See “IPv6_Address”

IP address (v4 or v6)

IP_Address_Range

IP address (v4 or v6) Range

Name

Default

Values

Description

IP_Address_Range (object | object)

None

See “IPv4_Address_Range” | See “IPv6_Address_Range”

IP address (v4 or v6) Range

IPv4_Address

IPv4 Address

Name

Default

Values

Description

IPv4_Address (string)

None

Pattern: ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$

IPv4 Address

IPv4_Address_Range

IPv4 Address Range

Name

Default

Values

Description

IPv4_Address_Range (string)

None

Pattern: ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])((/([0-9]|[1-2][0-9]|3[0-2]))?|(-((([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])))?)$

IPv4 Address Range

IPv4_Netmask

IPv4 Netmask used to divide an IP v4 address into subnets and specify the network’s available hosts

Name

Default

Values

Description

IPv4_Netmask (string)

None

Pattern: ^((0|128|192|224|240|248|252|254|255)\.0\.0\.0|255\.(0|128|192|224|240|248|252|254|255)\.0\.0|255\.255\.(0|128|192|224|240|248|252|254|255)\.0|255\.255\.255\.(0|128|192|224|240|248|252|254|255))$

IPv4 Netmask used to divide an IP v4 address into subnets and specify the network’s available hosts

IPv6_Address

IPv6 Address

Name

Default

Values

Description

IPv6_Address (string)

None

Pattern: ^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$

IPv6 Address

IPv6_Netmask

IPv6 Netmask used to divide an address into subnets and specify the network’s available hosts

Name

Default

Values

Description

IPv6_Netmask (string)

None

Pattern: ^(((0{0,4}|[Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}(:0{1,4}){0,5}|(:0{1,4}){7}|(:0{1,4}){1,6}::|(:0{1,4}){1,5}::0{1,4}|(:0{1,4}){1,4}:(:0{1,4}){1,2}|(:0{1,4}){1,3}:(:0{1,4}){1,3}|(:0{1,4}){1,2}:(:0{1,4}){1,4}|:0{1,4}:(:0{1,4}){1,5}))|(([Ff]{4}:){1}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}(:0{1,4}){0,4}|(:0{1,4}){6}|(:0{1,4}){1,5}::|(:0{1,4}){1,4}::0{1,4}?|(:0{1,4}){1,3}:(:0{1,4}){1,2}|(:0{1,4}){1,2}:(:0{1,4}){1,3}|:0{1,4}:(:0{1,4}){1,4}))|(([Ff]{4}:){2}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}(:0{1,4}){0,3}|(:0{1,4}){5}|(:0{1,4}){1,4}::|(:0{1,4}){1,3}::0{1,4}?|(:0{1,4}){1,2}:(:0{1,4}){1,2}|:0{1,4}:(:0{1,4}){1,3}))|(([Ff]{4}:){3}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}(:0{1,4}){0,2}|(:0{1,4}){4}|(:0{1,4}){1,3}::|(:0{1,4}){1,2}::0{1,4}?|:0{1,4}:(:0{1,4}){1,2}))|(([Ff]{4}:){4}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}(:0{1,4}){0,1}|(:0{1,4}){3}|(:0{1,4}){1,2}::|:0{1,4}::0{1,4}?))|(([Ff]{4}:){5}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}|(:0{1,4}){2}|(:0{1,4})::))|(([Ff]{4}:){6}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(:0{1,4}|::))|(([Ff]{4}:){7}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)))$

IPv6 Netmask used to divide an address into subnets and specify the network’s available hosts

IRule

iRule definition with configurable options

Name

Default

Values

Description

class (string)

iRule

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

iRule (object)

None

See “IRule_Core”

Reference to an iRule or text of an iRule

IRule_Core

Reference to an iRule or text of an iRule

Name

Default

Values

Description

IRule_Core (object)

None

See “F5_String”

Reference to an iRule or text of an iRule

JWE

A value in a cryptogram which is a Flattened JWE JSON Serialization object. If ‘miniJWE’ is true then enc=(none|f5sv) only (in JOSE header)

Name

Default

Values

Description

ciphertext (string)

None

None

Put base64url(data_value) here

protected (string)

eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0

None

JOSE header: alg=dir, enc=(none|f5sv); default enc=none (encoded default is ‘protected’=‘eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0’, use with secret simply base64url-encoded into ‘ciphertext’). If you see ‘protected’=‘eyJhbGciOiJkaXIiLCJlbmMiOiJmNXN2In0’, ‘ciphertext’ contains base64url-encoded SecureVault cryptogram
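
Added example (not F5 code, and not part of the original reference): a pre-deployment check that walks a declaration, decodes each JWE ‘protected’ header described above, and reports which secrets are only base64url-encoded (enc=none) rather than SecureVault cryptograms (enc=f5sv). The sample declaration, its object names and the status labels are constructed for illustration and are not validated against the AS3 schema.

```python
import base64
import json

# Both header values are quoted in the JWE table above.
ENC_NONE_PROTECTED = "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"  # alg=dir, enc=none (default)
F5SV_PROTECTED = "eyJhbGciOiJkaXIiLCJlbmMiOiJmNXN2In0"      # alg=dir, enc=f5sv


def b64url_decode(text):
    """Decode base64url text whose '=' padding has been stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data):
    """Encode bytes as unpadded base64url (used only to build the sample)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def classify_jwe(obj):
    """Return (enc, status) for one object that carries a 'ciphertext' property.

    Status labels are this example's own:
      encoded-only       enc=none, the secret is merely base64url-encoded
      securevault        enc=f5sv, ciphertext holds a SecureVault cryptogram
      unexpected-header  alg or enc is outside what the table documents
      invalid            'protected' is not base64url-encoded JSON
    """
    protected = obj.get("protected", ENC_NONE_PROTECTED)
    try:
        header = json.loads(b64url_decode(protected))
    except (TypeError, ValueError):
        return None, "invalid"
    if not isinstance(header, dict):
        return None, "invalid"
    enc = header.get("enc", "none")  # the table gives enc=none as the default
    if header.get("alg") != "dir" or enc not in ("none", "f5sv"):
        return enc, "unexpected-header"
    return enc, "encoded-only" if enc == "none" else "securevault"


def audit(node, path=""):
    """Recursively collect (path, enc, status) for every JWE-shaped object."""
    findings = []
    if isinstance(node, dict):
        if "ciphertext" in node:
            enc, status = classify_jwe(node)
            findings.append((path or "/", enc, status))
        for key, value in node.items():
            findings.extend(audit(value, path + "/" + str(key)))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            findings.extend(audit(value, path + "/" + str(index)))
    return findings


def encoded_only_paths(declaration):
    """Paths of secrets that anyone holding the declaration can decode."""
    return [p for p, _, status in audit(declaration) if status == "encoded-only"]


# Constructed sample: tenant, application and object names are hypothetical,
# and every secret value is a placeholder.
SAMPLE = {
    "class": "AS3",
    "action": "dry-run",
    "declaration": {
        "class": "ADC",
        "id": "constructed-sample",
        "SampleTenant": {
            "SampleApp": {
                "class": "Application",
                "cert": {
                    "class": "Certificate",
                    "passphrase": {
                        "ciphertext": b64url_encode(b"constructed-placeholder"),
                        "protected": ENC_NONE_PROTECTED,
                    },
                },
                "mon": {
                    "class": "Monitor",
                    "passphrase": {
                        "ciphertext": b64url_encode(b"constructed-cryptogram"),
                        "protected": F5SV_PROTECTED,
                    },
                },
                "auth": {
                    "method": "basic",
                    "username": "svc-sample",
                    # 'protected' omitted, so the enc=none default applies
                    "passphrase": {"ciphertext": b64url_encode(b"placeholder")},
                },
            }
        },
    },
}

if __name__ == "__main__":
    for path, enc, status in audit(SAMPLE):
        print(f"{status:18} enc={enc!s:5} {path}")
```

Declarations whose paths come back as encoded-only should be treated as containing cleartext secrets when they are stored in version control, tickets or logs.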

L4_Profile

Configures a Fast Layer 4 profile

Name

Default

Values

Description

class (string)

L4_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

idleTimeout (integer)

300

None

Number of seconds (default 300; may not be 0) connection may remain idle before it becomes eligible for deletion. Value -1 (not recommended) means infinite

looseClose (boolean)

None

true, false

When true, system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server (default false).

looseInitialization (boolean)

None

true, false

When true, system initializes a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation (default false).

resetOnTimeout (boolean)

true

true, false

If true (default), connections which time out will be reset (that is, the system sends an RST packet to the peer) before the system expunges them

tcpCloseTimeout (integer)

5

[5-86400]

Specifies a TCP close timeout in seconds. Value -1 means indefinite (not recommended)

tcpHandshakeTimeout (integer)

5

[5-86400]

Specifies a TCP handshake timeout in seconds. The default value is 5 seconds. Value -1 means indefinite (not recommended)

pvaAccelerationMode (string)

full

full, assisted, none, dedicated

Specifies the preferred acceleration mode for the Packet Velocity ASIC (PVA) if the platform supports PVA acceleration. Full - Specifies the system applies full PVA acceleration when possible. Assisted - Specifies the system applies partial PVA acceleration. None - Specifies the system does not use PVA acceleration. Dedicated - Unconditionally enables ePVA acceleration for all TCP FastL4 connections. Inactive, but established connections are not removed from the ePVA to guarantee low latency forwarding for future packets.

pvaDynamicServerPackets (integer)

None

[0-10]

Indicates the number of server packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

pvaDynamicClientPackets (integer)

1

[0-10]

Indicates the number of client packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

Label

Optional friendly name for this object

Name

Default

Values

Description

Label (string)

None

None

Optional friendly name for this object

Metadata

Useful data-points for tracking, tagging, and organizing declarations.

Name

Default

Values

Description

value (string)

None

None

None

persist (boolean)

true

true, false

None

Mirroring

Controls connection-mirroring for high-availability

Name

Default

Values

Description

Mirroring (string)

None

none, L4

Controls connection-mirroring for high-availability

Monitor

Declares a (possibly complex) monitor

Name

Default

Values

Description

Monitor (object | object | object | object | object | object)

None

None | None | None | None | None | None

Declares a (possibly complex) monitor

Monitor_HTTP

Monitor HTTP definition

Name

Default

Values

Description

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

interval (integer)

5

[0-3600]

Poll interval (seconds)

monitorType (string)

None

None

Specifies the type of monitor

passphrase (object)

None

None

None

receive (string)

None

None

Mark node up upon receipt of this (backquote-expanded) string

receiveDown (string)

None

None

Mark node down upon receipt of this (backquote-expanded) string (optional; must be empty when ‘reverse’ is true)

send (string)

None

None

Send this (backquote-expanded) string to query node

timeout (integer)

16

[0-900]

Time limit for node to respond (seconds)

username (string)

None

None

Username if any for query authentication

Monitor_ICMP

Monitor ICMP definition

Name

Default

Values

Description

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

interval (integer)

5

[0-3600]

Poll interval (seconds)

monitorType (string)

None

None

Specifies the type of monitor

timeout (integer)

16

[0-900]

Time limit for node to respond (seconds)

Monitor_Inband

Monitor Inband definition

Name

Default

Values

Description

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

failureInterval (integer)

None

None

Specifies an interval, in seconds. If the number of failures specified in the failures option occurs within this interval, the system marks the pool member as being unavailable.

failures (integer)

None

None

Specifies the number of failures that the system allows to occur, within the time period specified in the failureInterval property, before marking a pool member unavailable. The multiple tmm processes use a per-process number to calculate failures, depending on the specified load. For example, for the Round Robin load balancing method, if there are N tmm processes and M pool members, and the Failures property is set to L, then up to N*M*L+1 failures can occur before the system marks the node as down. Specifying a value of 0 disables this option. A failure can be either a failure to connect or a failure of the pool member to respond within the time specified in the responseTime property.

monitorType (string)

None

None

Specifies the type of monitor

responseTime (integer)

None

None

Specifies an amount of time, in seconds. If the pool member does not respond with data after the specified amount of time has passed, the number of failures in this interval increments by 1. Specifying a value of 0 disables this option.

retryTime (integer)

None

None

Specifies the amount of time in seconds after the pool member has been marked unavailable before the system retries to connect to the pool member. Specifying a value of 0 disables this option.

Monitor_TCP

Monitor TCP definition

Name

Default

Values

Description

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

interval (integer)

5

[0-3600]

Poll interval (seconds)

monitorType (string)

None

None

Specifies the type of monitor

receive (string)

None

None

Mark node up upon receipt of this (backquote-expanded) string

receiveDown (string)

None

None

Mark node down upon receipt of this (backquote-expanded) string (optional; must be empty when ‘reverse’ is true)

send (string)

None

None

Send this (backquote-expanded) string to query node

timeout (integer)

16

[0-900]

Time limit for node to respond (seconds)

Multiplex_Profile

Multiplex (OneConnect) profile with configurable options

Name

Default

Values

Description

class (string)

Multiplex_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

sourceMask (string)

None

None

Idle connection re-use applies to connections whose source address matches this mask

Persist

Declares persistence settings

Name

Default

Values

Description

Persist (object | object | object | object | object | object | object)

None

None | None | None | None | None | None | None

Declares persistence settings

Persist_Addr

Configures an address affinity persistence profile

Name

Default

Values

Description

class (string)

Persist

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

duration (object)

None

See “Property_Duration”

Lifetime of persistence record (seconds, default 0 means indefinite)

matchAcrossPools (object)

None

See “Property_Match_Across_Pools”

Specifies that the system can use any pool that contains this persistence record

matchAcrossVirtualAddresses (object)

None

See “Property_Match_Across_Virtual_Addresses”

Specifies that all persistent connections from the same client IP address go to the same node

matchAcrossVirtualPorts (object)

None

See “Property_Match_Across_Virtual_Ports”

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

persistenceMethod (object)

None

See “Property_Persistence_Method”

You may customize each basic persistence method

Persist_TLS_Session

Configures an address affinity persistence profile

Name

Default

Values

Description

class (string)

Persist

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

duration (object)

None

See “Property_Duration”

Lifetime of persistence record (seconds, default 0 means indefinite)

matchAcrossPools (object)

None

See “Property_Match_Across_Pools”

Specifies that the system can use any pool that contains this persistence record

matchAcrossVirtualAddresses (object)

None

See “Property_Match_Across_Virtual_Addresses”

Specifies that all persistent connections from the same client IP address go to the same node

matchAcrossVirtualPorts (object)

None

See “Property_Match_Across_Virtual_Ports”

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

persistenceMethod (object)

None

See “Property_Persistence_Method”

You may customize each basic persistence method

Persist_UIE

Configures a universal persistence profile

Name

Default

Values

Description

class (string)

Persist

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

duration (object)

None

See “Property_Duration”

Lifetime of persistence record (seconds, default 0 means indefinite)

matchAcrossPools (object)

None

See “Property_Match_Across_Pools”

Specifies that the system can use any pool that contains this persistence record

matchAcrossVirtualAddresses (object)

None

See “Property_Match_Across_Virtual_Addresses”

Specifies that all persistent connections from the same client IP address go to the same node

matchAcrossVirtualPorts (object)

None

See “Property_Match_Across_Virtual_Ports”

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

persistenceMethod (object)

None

See “Property_Persistence_Method”

You may customize each basic persistence method

Pointer_Allow_Networks

Names of existing L3 Networks that the application will pass traffic to.

Name

Default

Values

Description

Pointer_Allow_Networks (array<Pointer_BIGIP>)

None

None

Names of existing L3 Networks that the application will pass traffic to.

Pointer_Allow_Vlans

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

Name

Default

Values

Description

Pointer_Allow_Vlans (array<Pointer_BIGIP>)

None

None

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

Pointer_Analytics_TCP_Profile

Reference for Analytics TCP Profile definition

Name

Default

Values

Description

Pointer_Analytics_TCP_Profile (object | object)

None

See “Pointer_Use” | None

Reference for Analytics TCP Profile definition

Pointer_BIGIP

Reference for a BIG-IP object

Name

Default

Values

Description

bigip (string)

None

None

Path to BIG-IP object

Pointer_BIGIP_Or_Use

Reference for a BIG-IP or Use object

Name

Default

Values

Description

Pointer_BIGIP_Or_Use (object)

None

None

Reference for a BIG-IP or Use object

Pointer_CA_Bundle

Reference to a CA Bundle

Name

Default

Values

Description

bigip (string)

None

None

Pathname of existing BIG-IP CA Bundle

use (object)

None

None

None

Pointer_F5_String_Or_BIGIP

Reference for a property or BIG-IP object

Name

Default

Values

Description

Pointer_F5_String_Or_BIGIP (object)

None

None

Reference for a property or BIG-IP object

Pointer_HTTP_Acceleration_Profile

Reference to an HTTP Acceleration Profile

Name

Default

Values

Description

Pointer_HTTP_Acceleration_Profile (object)

None

None

Reference to an HTTP Acceleration Profile

Pointer_IRules

List of iRule references

Name

Default

Values

Description

Pointer_IRules (array<object | string>)

None

None

List of iRule references

Pointer_Monitor

Name or path to monitor

Name

Default

Values

Description

use (object)

None

None

None

Pointer_Multiplex_Profile

Reference for Multiplex Profile definition

Name

Default

Values

Description

Pointer_Multiplex_Profile (object | object)

None

See “Pointer_Use” | None

Reference for Multiplex Profile definition

Pointer_Pool

Reference to a pool

Name

Default

Values

Description

Pointer_Pool (object | object)

None

See “Pointer_BIGIP_Or_Use” | None

Reference to a pool

Pointer_Profile

BIG-IP AS3 pointer to Ingress Egress Profile declaration

Name

Default

Values

Description

Pointer_Profile (string)

None

None

BIG-IP AS3 pointer to Ingress Egress Profile declaration

Pointer_Profile_Analytics

Reference for Profile Analytics definition

Name

Default

Values

Description

Pointer_Profile_Analytics (object | object)

None

See “Pointer_Use” | None

Reference for Profile Analytics definition

Pointer_Profile_Ingress_Egress

Reference use, ingress, and egress on profile

Name

Default

Values

Description

use (object)

None

None

None

ingress (object)

None

None

None

egress (object)

None

None

None

Pointer_Profile_Persistence

Reference for Profile persistence

Name

Default

Values

Description

Pointer_Profile_Persistence (array<string | object>)

None

None

Reference for Profile persistence

Pointer_Profile_Standard

Reference for a standard profile

Name

Default

Values

Description

Pointer_Profile_Standard (object)

None

See “Pointer_Use”

Reference for a standard profile

Pointer_Profile_Standard_Plus_Template

Reference for a standard profile with template

Name

Default

Values

Description

Pointer_Profile_Standard_Plus_Template (object)

None

None

Reference for a standard profile with template

Pointer_SNAT

Reference for SNAT pointer (includes string and snat pool)

Name

Default

Values

Description

Pointer_SNAT (object)

None

None

Reference for SNAT pointer (includes string and snat pool)

Pointer_String

Reference that is a string

Name

Default

Values

Description

Pointer_String (string)

None

None

Reference that is a string

Pointer_Use

Reference for use property

Name

Default

Values

Description

use (object)

None

See “Property_Use”

Path to object in declaration

Pointer_Use_Or_String

Reference for use property or string

Name

Default

Values

Description

Pointer_Use_Or_String (object)

None

None

Reference for use property or string

Pointer_Waf_Policy

Reference for WAF Policy definition

Name

Default

Values

Description

Pointer_Waf_Policy (object | object)

None

See “Pointer_Use” | None

Reference for WAF Policy definition

Pool

Declares a service pool

Name

Default

Values

Description

class (string)

Pool

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

allowNetworks (array<Pointer_BIGIP>)

None

None

Names of existing L3 Networks the pool members accept traffic from.

allowVlans (array<Pointer_BIGIP>)

None

None

Names of existing VLANs the pool members accept traffic from.

loadBalancingMode (string)

round-robin

fastest-app-response, least-connections-member, predictive-member, ratio-least-connections-member, ratio-session, round-robin, weighted-round-robin

Load-balancing mode

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

monitors (array<object>)

None

None

None

members (array<Pool_Member>)

None

None

None

service (boolean)

None

true, false

Specifies whether a standalone Service should be created for this Pool

Pool_Member

Declares a service pool member

Name

Default

Values

Description

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

addressDiscovery (string)

None

None

Selects how server (node) addresses are discovered

priorityGroup (integer)

None

[0-65535]

None

ratio (integer)

None

[0-100]

Specifies the weight of the pool member for load balancing purposes

servicePort (integer)

None

[0-65535]

None

serverAddresses (array<IP_Address>)

None

None

Static IP addresses of servers (nodes)

servers (array<Pool_Member_Servers>)

None

None

Same as serverAddresses, but allowing for further specification of each node

shareNodes (boolean)

None

true, false

If enabled, nodes are created in /Common instead of the tenant’s partition

weight (integer)

None

[1-65535]

Specifies the weight for load balancing with weight-based load balancing methods

Pool_Member_Servers

Pool Member Servers

Name

Default

Values

Description

address (string)

None

See “IP_Address”

IP address (v4 or v6)

name (string)

None

None

None

Property_Always_Set

If true, set cookie with every HTTP response (default false)

Name

Default

Values

Description

Property_Always_Set (boolean)

None

true, false

If true, set cookie with every HTTP response (default false)

Property_Base64

A Base64-encoded value (base64 property)

Name

Default

Values

Description

Property_Base64 (object)

None

See “Resource_Base64”

A Base64-encoded value (base64 property)

Property_Duration

Lifetime of persistence record (seconds, default 0 means indefinite)

Name

Default

Values

Description

Property_Duration (integer)

None

[0-604800]

Lifetime of persistence record (seconds, default 0 means indefinite)

Property_Encrypt

If true, prevent disclosure of (or tampering with) ADC info in cookie (default false, to reduce latency)

Name

Default

Values

Description

Property_Encrypt (boolean)

None

true, false

If true, prevent disclosure of (or tampering with) ADC info in cookie (default false, to reduce latency)

Property_Idle_Timeout

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

Name

Default

Values

Description

Property_Idle_Timeout (integer)

None

None

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

Property_Match_Across_Pools

Specifies that the system can use any pool that contains this persistence record

Name

Default

Values

Description

Property_Match_Across_Pools (boolean)

None

true, false

Specifies that the system can use any pool that contains this persistence record

Property_Match_Across_Virtual_Addresses

Specifies that all persistent connections from the same client IP address go to the same node

Name

Default

Values

Description

Property_Match_Across_Virtual_Addresses (boolean)

None

true, false

Specifies that all persistent connections from the same client IP address go to the same node

Property_Match_Across_Virtual_Ports

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

Name

Default

Values

Description

Property_Match_Across_Virtual_Ports (boolean)

None

true, false

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

Property_Names

Property names

Name

Default

Values

Description

Property_Names (object)

None

Pattern: ^[A-Za-z\x80-\uffff][0-9A-Za-z\x80-\uffff_.-]*$

Property names

Property_Passphrase

A passphrase (passphrase property)

Name

Default

Values

Description

Property_Passphrase (object)

None

See “Secret”

A passphrase (passphrase property)

Property_Persistence_Method

You may customize each basic persistence method

Name

Default

Values

Description

Property_Persistence_Method (string)

None

cookie, source-address, tls-session-id, universal

You may customize each basic persistence method

Property_Proxy_Buffer_High

The system closes the receive window when the number of octets in proxy buffer rises above this value

Name

Default

Values

Description

Property_Proxy_Buffer_High (integer)

None

[16384-67108864]

The system closes the receive window when the number of octets in proxy buffer rises above this value

Property_Proxy_Buffer_Low

The system opens the receive window when the number of octets in proxy buffer falls below this value

Name

Default

Values

Description

Property_Proxy_Buffer_Low (integer)

None

[4096-67108864]

The system opens the receive window when the number of octets in proxy buffer falls below this value

Property_Send_Buffer_Size

Maximum size of send buffer in bytes

Name

Default

Values

Description

Property_Send_Buffer_Size (integer)

None

[536-67108864]

Maximum size of send buffer in bytes

Property_Template

Template type for tcp. Use advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

Name

Default

Values

Description

Property_Template (string)

None

lan, wan, mobile, normal, advanced

Template type for tcp. Use advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

Property_Text

A text value (text property)

Name

Default

Values

Description

Property_Text (object)

None

See “Resource_Text”

A text value (text property)

Property_Ttl

Requested cookie lifetime (seconds, default 0 means session cookie)

Name

Default

Values

Description

Property_Ttl (integer)

None

[0-604800]

Requested cookie lifetime (seconds, default 0 means session cookie)

Property_Use

Path to object in declaration

Name

Default

Values

Description

Property_Use (string)

None

Pattern: ^[A-Za-z\x80-\uffff/][0-9A-Za-z\x80-\uffff_./-]*$

Path to object in declaration

Remark

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

Name

Default

Values

Description

Remark (string)

None

Pattern: ^[^\x00-\x1f\x22\x5c\x7f]*$

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

Resource_Base64

A Base64-encoded value

Name

Default

Values

Description

Resource_Base64 (string)

None

None

A Base64-encoded value

Resource_Text

UTF-8 text (in JSON string)

Name

Default

Values

Description

Resource_Text (string)

None

None

UTF-8 text (in JSON string)

Resource_URL

The URL for a required resource

Name

Default

Values

Description

Resource_URL (string | object)

None

None | None

The URL for a required resource

Secret

A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

Name

Default

Values

Description

Secret (string | object)

None

None | None

A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

Service_HTTP

HTTP virtual server

Name

Default

Values

Description

class (string)

Service_HTTP

None

None

persistenceMethods (object)

cookie

See “Pointer_Profile_Persistence”

Reference for Profile persistence

clientTLS (object)

None

None

None

enable (boolean)

true

true, false

None

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

inspectionServices (array<Pointer_BIGIP>)

None

None

None

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

profileAnalytics (object)

None

See “Pointer_Profile_Analytics”

Reference for Profile Analytics definition

profileAnalyticsTcp (object)

None

See “Pointer_Analytics_TCP_Profile”

Reference for Analytics TCP Profile definition

profileHTTP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

profileHTTP2 (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

profileHTTPCompression (object)

None

See “Pointer_Profile_Standard_Plus_Template”

Reference for a standard profile with template

profileHTTPAcceleration (object)

None

See “Pointer_HTTP_Acceleration_Profile”

Reference to an HTTP Acceleration Profile

profileMultiplex (object)

None

See “Pointer_Multiplex_Profile”

Reference for Multiplex Profile definition

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

serverTLS (object)

None

See “Pointer_String”

Reference that is a string

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

tap (object)

None

See “Pointer_Use”

Reference for use property

translateServerAddress (object)

None

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

iRules (object)

None

See “Pointer_IRules”

List of iRule references

policySslOrchestrator (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

policyWAF (object)

None

None

None

policyIAM (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

policyPerRequestAccess (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

pool (object)

None

None

None

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

label (object)

None

See “Label”

Optional friendly name for this object

Service_HTTPS

HTTPS virtual server

Name

Default

Values

Description

class (string)

Service_HTTPS

None

None

clientTLS (object)

None

None

None

enable (boolean)

true

true, false

None

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

inspectionServices (array<Pointer_BIGIP>)

None

None

None

profileBotDefense (array<string | array<string>>)

None

None

Attaches a Bot Defense profile to the service

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

persistenceMethods (object)

cookie

See “Pointer_Profile_Persistence”

Reference for Profile persistence

profileAnalytics (object)

None

See “Pointer_Profile_Analytics”

Reference for Profile Analytics definition

profileAnalyticsTcp (object)

None

See “Pointer_Analytics_TCP_Profile”

Reference for Analytics TCP Profile definition

profileHTTP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

profileHTTP2 (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

profileHTTPCompression (object)

None

See “Pointer_Profile_Standard_Plus_Template”

Reference for a standard profile with template

profileHTTPAcceleration (object)

None

See “Pointer_HTTP_Acceleration_Profile”

Reference to an HTTP Acceleration Profile

profileMultiplex (object)

None

See “Pointer_Multiplex_Profile”

Reference for Multiplex Profile definition

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

redirect80 (boolean)

None

true, false

None

serverTLS (object)

None

See “Pointer_String”

Reference that is a string

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

tap (object)

None

See “Pointer_Use”

Reference for use property

translateServerAddress (object)

None

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

iRules (object)

None

See “Pointer_IRules”

List of iRule references

policySslOrchestrator (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

policyWAF (object)

None

None

None

policyIAM (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

policyPerRequestAccess (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

pool (object)

None

None

None

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

443

See “Virtual_Port”

Virtual port

Service_L4

Fast L4 virtual server

Name

Default

Values

Description

class (string)

Service_L4

None

None

enable (boolean)

true

true, false

Enables property function

profileL4 (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

profileBotDefense (array<string | array<string>>)

None

None

Attaches a Bot Defense profile to the service

persistenceMethods (object)

source-address

See “Pointer_Profile_Persistence”

Reference for Profile persistence

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

translateServerAddress (object)

None

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

iRules (object)

None

See “Pointer_IRules”

List of iRule references

policySslOrchestrator (object)

None

See “Pointer_BIGIP”

Deprecated. Will be removed in a later release.

policyWAF (object)

None

None

Deprecated. Will be removed in a later release.

policyIAM (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

policyPerRequestAccess (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

pool (object)

None

None

None

Service_Pool

Pool Service

Name

Default

Values

Description

class (string)

Service_Pool

None

None

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

label (object)

None

See “Label”

Optional friendly name for this object

translateServerAddress (object)

None

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

pool (object)

None

None

None

Service_TCP

TCP virtual server

Name

Default

Values

Description

class (string)

Service_TCP

None

None

enable (boolean)

true

true, false

None

clientTLS (object)

None

None

None

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

persistenceMethods (object)

source-address

See “Pointer_Profile_Persistence”

Reference for Profile persistence

profileAnalyticsTcp (object)

None

See “Pointer_Analytics_TCP_Profile”

Reference for Analytics TCP Profile definition

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

translateServerAddress (object)

None

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

iRules (object)

None

See “Pointer_IRules”

List of iRule references

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

inspectionServices (array<Pointer_BIGIP>)

None

None

None

policySslOrchestrator (object)

None

See “Pointer_BIGIP”

Deprecated. Will be removed in a later release.

policyWAF (object)

None

None

Deprecated. Will be removed in a later release.

policyIAM (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

policyPerRequestAccess (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

pool (object)

None

None

None

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

tap (object)

None

See “Pointer_Use”

Reference for use property

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

serverTLS (object)

None

See “Pointer_String”

Reference that is a string

Service_UDP

UDP virtual server

Name

Default

Values

Description

class (string)

Service_UDP

None

None

enable (boolean)

true

true, false

None

translateServerAddress (object)

None

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

persistenceMethods (object)

source-address

See “Pointer_Profile_Persistence”

Reference for Profile persistence

profileUDP (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

profileBotDefense (array<string | array<string>>)

None

None

None

iRules (object)

None

See “Pointer_IRules”

List of iRule references

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

inspectionServices (array<Pointer_BIGIP>)

None

None

None

policySslOrchestrator (object)

None

See “Pointer_BIGIP”

Deprecated. Will be removed in a later release.

policyWAF (object)

None

None

Deprecated. Will be removed in a later release.

policyIAM (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

policyPerRequestAccess (object)

None

See “Pointer_BIGIP”

Reference for a BIG-IP object

pool (object)

None

None

None

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

clientDTLS (object)

None

See “Pointer_String”

Reference that is a string

serverDTLS (object)

None

See “Pointer_String”

Reference that is a string

tap (object)

None

See “Pointer_Use”

Reference for use property

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

SNAT_Pool

SNAT pool

Name

Default

Values

Description

class (string)

SNAT_Pool

None

None

label (object)

None

See “Label”

Optional friendly name for this object

snatAddresses (array<string>)

None

None

List of SNAT addresses; may include both IPv4 and IPv6

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

TCP_Profile

TCP Profile

Name

Default

Values

Description

TCP_Profile (object | object | object)

None

None | None | None

TCP Profile

TCP_Profile_Lan

TCP Profile for LAN template

Name

Default

Values

Description

class (string)

TCP_Profile

None

None

idleTimeout (object)

None

See “Property_Idle_Timeout”

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

proxyBufferHigh (object)

65535

See “Property_Proxy_Buffer_High”

The system closes the receive window when the number of octets in proxy buffer rises above this value

proxyBufferLow (object)

32768

See “Property_Proxy_Buffer_Low”

The system opens the receive window when the number of octets in proxy buffer falls below this value

sendBufferSize (object)

65535

See “Property_Send_Buffer_Size”

Maximum size of send buffer in bytes

template (object)

None

See “Property_Template”

Template type for TCP. Use the advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

TCP_Profile_Mobile

TCP Profile for Mobile template

Name

Default

Values

Description

class (string)

TCP_Profile

None

None

idleTimeout (object)

None

See “Property_Idle_Timeout”

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

proxyBufferHigh (object)

262144

See “Property_Proxy_Buffer_High”

The system closes the receive window when the number of octets in proxy buffer rises above this value

proxyBufferLow (object)

196608

See “Property_Proxy_Buffer_Low”

The system opens the receive window when the number of octets in proxy buffer falls below this value

sendBufferSize (object)

262144

See “Property_Send_Buffer_Size”

Maximum size of send buffer in bytes

template (object)

None

See “Property_Template”

Template type for TCP. Use the advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

TCP_Profile_Wan

TCP Profile for WAN template

Name

Default

Values

Description

class (string)

TCP_Profile

None

None

idleTimeout (object)

None

See “Property_Idle_Timeout”

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

proxyBufferHigh (object)

262144

See “Property_Proxy_Buffer_High”

The system closes the receive window when the number of octets in proxy buffer rises above this value

proxyBufferLow (object)

196608

See “Property_Proxy_Buffer_Low”

The system opens the receive window when the number of octets in proxy buffer falls below this value

sendBufferSize (object)

262144

See “Property_Send_Buffer_Size”

Maximum size of send buffer in bytes

template (object)

None

See “Property_Template”

Template type for TCP. Use the advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

Tenant

Declares a Tenant

Name

Default

Values

Description

class (string)

Tenant

None

None

controls (object)

None

See “Controls”

Optional controls configuration

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

constants (object)

None

See “Constants”

Named values for (re-)use by declaration objects

TLS_Client

TLS Client Profile

Name

Default

Values

Description

authenticationFrequency (string)

None

one-time, every-time

Client certificate authentication frequency

allowExpiredCRL (boolean)

None

true, false

Specifies if the CRL can be used even if it has expired

authenticationDepth (integer)

None

[0-15]

Server certificate verification depth. The default value is 9, meaning maximum client certificate chain traversal depth for verification is set to 9

class (string)

TLS_Client

None

None

certificates (array<TLS_Client_Certificates>)

None

None

Primary and (optional) additional certificates (order is significant, element 0 is the primary certificate)

ciphers (object)

DEFAULT

See “Ciphers”

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

crlFile (object)

None

See “Pointer_BIGIP”

Specifies the name of a file containing a list of revoked client certificates

enableAuthentication (boolean)

None

true, false

Flag that enables or disables server certificate verification.

tls1_1Enabled (boolean)

true

true, false

Allow TLS 1.1 Ciphers.

tls1_2Enabled (boolean)

true

true, false

Allow TLS 1.2 Ciphers.

tls1_3Enabled (boolean)

true

true, false

Allow TLS 1.3 Ciphers.

trustCA (object,string)

None

None

CAs trusted to validate the server certificate; ‘generic’ (default) or else a BIG-IP AS3 pointer to the declaration of a CA Bundle

TLS_Client_Certificates

TLS_Client certificates

Name

Default

Values

Description

certificate (string)

None

None

None

TLS_Server

TLS Server Profile

Name

Default

Values

Description

authenticationFrequency (string)

None

one-time, every-time

Client certificate authentication frequency

authenticationDepth (integer)

None

[0-15]

Server certificate verification depth. The default value is 9, meaning maximum client certificate chain traversal depth for verification is set to 9

authenticationTrustCA (object)

None

None

Pointer to CA Bundle used to validate client certificates

authenticationMode (string)

ignore

ignore, request, require

Client certificate authentication mode

class (string)

TLS_Server

None

None

certificates (array<TLS_Server_Certificates>)

None

None

Primary and (optional) additional certificates (order is significant, element 0 is the primary certificate)

ciphers (object)

DEFAULT

See “Ciphers”

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

enableAuthentication (boolean)

None

true, false

Flag that enables or disables client authentication on the client side.

tls1_1Enabled (boolean)

true

true, false

Allow TLS 1.1 Ciphers.

tls1_2Enabled (boolean)

true

true, false

Allow TLS 1.2 Ciphers.

tls1_3Enabled (boolean)

true

true, false

Allow TLS 1.3 Ciphers.

TLS_Server_Certificates

TLS_Server certificates

Name

Default

Values

Description

certificate (string)

None

None

None

sniDefault (boolean)

None

true, false

None

certificates (array<string>)

None

None

None

ciphers (object)

None

See “Ciphers”

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

sniDomains (array<string>)

None

None

None

TLS_Server_Client_Auth_Certificates

TLS_Server client auth certificates

Name

Default

Values

Description

certificate (string)

None

None

None

certificates (array<string>)

None

None

None

ciphers (object)

None

See “Ciphers”

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

TranslateServerAddress

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

Name

Default

Values

Description

TranslateServerAddress (boolean)

true

true, false

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

UDP_Profile

Configures a User Datagram Protocol (UDP) profile

Name

Default

Values

Description

class (string)

UDP_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

datagramLoadBalancing (boolean)

None

true, false

When true, process UDP datagrams independently, without recognizing flows (default false)

idleTimeout (integer)

60

[-1-86400]

Number of seconds (default 60) flow may remain idle before it becomes eligible for deletion. Value 0 allows system to recover per-flow resources whenever convenient (always safe with UDP). Value -1 means indefinite (not recommended)

Virtual_Addresses

Virtual addresses array

Name

Default

Values

Description

Virtual_Addresses (array<IP_Address_Range>)

None

None

Virtual addresses array

Virtual_Port

Virtual port

Name

Default

Values

Description

Virtual_Port (integer | array)

None

None | None

Virtual port

WAF_Policy

Configures a WAF policy

Name

Default

Values

Description

class (string)

WAF_Policy

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

file (string)

None

None

None

ignoreChanges (boolean)

None

true, false

If false (default), the system updates the policy in every BIG-IP AS3 declaration deployment. If true, BIG-IP AS3 creates the policy on first deployment, and leaves it untouched afterwards

enforcementMode (string)

None

blocking, transparent

Overrides the enforcement mode setting of the WAF policy

policy (object)

None

See “F5_String”

The value can be either a string, text property, base64 property, url property, etc.