CM Schema Reference

This page is a reference for the objects you can use in your Declarations for AS3 on BIG-IP Next. For more information on BIG-IP objects and terminology, see the BIG-IP documentation at https://support.f5.com/csp/home.

ADC

Indicates this document is an ADC declaration

Name

Default

Values

Description

class (string)

ADC

None

Indicates this document is an ADC declaration

schemaVersion (string)

None

None

Version of ADC Declaration schema this declaration uses

id (string)

None

None

Unique identifier for this declaration (max 255 printable chars with no spaces, quotation marks, angle brackets, nor backslashes)

controls (object)

None

See “Controls”

Optional controls configuration

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

constants (object)

None

See “Constants”

Named values for (re-)use by declaration objects

target (object)

None

See “Target”

Target properties which indicate where the declaration should be configured

AddressMask

Specifies the prefix length that you want to use as the mask. The default is None. The length can be the number of set bits in a bitmask between 0 and 32 for IPv4, or a mask that specifies the portion of the address used

Name

Default

Values

Description

AddressMask (integer | object)

None

[0-32] | See “IP_Address_Range”

Specifies the prefix length that you want to use as the mask. The default is None. The length can be the number of set bits in a bitmask between 0 and 32 for IPv4, or a mask that specifies the portion of the address used

AddressMaskIPv6

Specifies the prefix length that you want to use as the mask. The default is None. The length must be the number of set bits in a bitmask between 0 and 128 for IPv6.

Name

Default

Values

Description

AddressMaskIPv6 (integer)

None

[0-128]

Specifies the prefix length that you want to use as the mask. The default is None. The length must be the number of set bits in a bitmask between 0 and 128 for IPv6.

Analytics_Profile

HTTP Analytics profile with configurable options

Name

Default

Values

Description

class (string)

Analytics_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

collectGeo (boolean)

None

true, false

Specifies that the system collects statistics of the names of the countries from which that traffic was sent

collectClientSideStatistics (boolean)

None

true, false

Specifies that the system collects statistics regarding the HTTP request and response times

collectUrl (boolean)

None

true, false

Specifies that the system collects statistics of requested URLs

collectIp (boolean)

None

true, false

Specifies that the system collects statistics of the IP addresses of where the traffic came from

collectDestinationIpGeo (boolean)

None

true, false

Specifies that the system collects statistics of the destination IP addresses

collectSubnet (boolean)

None

true, false

Specifies that the system collects statistics of client subnets

collectUserAgent (boolean)

None

true, false

Specifies that the system collects statistics about browsers used to send traffic

collectOsAndBrowser (boolean)

true

true, false

Specifies that the system collects statistics about the OSs and browsers used to send requests

collectResponseCode (boolean)

true

true, false

Specifies that the system collects statistics about the distribution of HTTP response codes returned by the servers

collectMethod (boolean)

true

true, false

Specifies that the system collects statistics about the distribution of HTTP methods found in requests

collectMaxTpsAndThroughput (boolean)

None

true, false

Specifies that the system collects statistics for the maximum number of transactions per second, and the maximum amount of traffic moving through the system, both request and response throughput values

collectPageLoadTime (boolean)

None

true, false

Specifies that the system collects statistics of the round-trip latency between client end-users and the servers

collectUserSession (boolean)

None

true, false

Specifies that the system collects statistics of the number of unique user sessions in the application traffic, as determined by the value of the configured HTTP cookies found in the requests

sampling (boolean)

None

true, false

None

samplingRatio (integer)

100

[1-10000]

None

sessionCookieSecurity (string)

ssl-only

ssl-only, always-secure, never-secure

Specify whether to secure session cookies

sessionTimeoutMinutes (integer)

5

[5-60]

The number of minutes of user inactivity to allow before the system considers the session to be over

Analytics_TCP_Profile

TCP Analytics profile with configurable options

Name

Default

Values

Description

class (string)

Analytics_TCP_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

collectCity (boolean)

None

true, false

Specifies that the system saves the name of the city with which traffic was exchanged

collectContinent (boolean)

true

true, false

Specifies that the system saves the name of the continent with which traffic was exchanged

collectCountry (boolean)

true

true, false

Specifies that the system saves the name of the country with which traffic was exchanged

collectedByClientSide (boolean)

true

true, false

Specifies that the system collects statistics on the client side

collectedByServerSide (boolean)

true

true, false

Specifies that the system collects statistics on the server side

collectNexthop (boolean)

None

true, false

Specifies that the system saves the address to which the traffic is being routed

collectPostCode (boolean)

None

true, false

Specifies that the system saves the name of the postcode with which traffic was exchanged

collectRegion (boolean)

true

true, false

Specifies that the system saves the name of the region with which traffic was exchanged

collectRemoteHostIp (boolean)

None

true, false

Specifies that the system collects IP addresses with which traffic was exchanged

collectRemoteHostSubnet (boolean)

true

true, false

Specifies that the system saves the address of the subnet with which traffic was exchanged

Application

Declares an Application

Name

Default

Values

Description

class (string)

Application

None

None

template (string)

None

None

This is a deprecated property found in older BIG-IP AS3 declarations and it will be ignored

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

constants (object)

None

See “Constants”

Named values for (re-)use by declaration objects

Application_Objects

Application objects definition

Name

Default

Values

Description

Application_Objects (object)

None

None

Application objects definition

class (string)

None

Analytics_Profile, Analytics_TCP_Profile, Certificate, CA_Bundle, Data_Group, HTTP_Compress, HTTP_Acceleration_Profile, HTTP_Profile, HTTP2_Profile, iRule, L4_Profile, L4_DSR_Profile, Monitor, Multiplex_Profile, Persist, Pool, Service_Forwarding, Service_HTTP, Service_HTTPS, Service_HTTPS_Forward_Proxy, Service_L4, Service_L4_DSR, Service_Pool, Service_TCP, Service_TCP_Forward_Proxy, Service_UDP, SNAT_Pool, TCP_Profile, TLS_Client, TLS_Forward_Proxy_Client, TLS_Server, TLS_Forward_Proxy_Server, DTLS_Client, DTLS_Server, UDP_Profile, WAF_Policy

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

AS3

BIG-IP AS3 class definition

Name

Default

Values

Description

class (string)

AS3

None

Indicates this document is a BIG-IP AS3 declaration

$schema (string)

None

None

URL of schema against which to validate. Used by validation in your local environment only (via Visual Studio Code, for example)

id (string)

None

None

Unique identifier for this declaration (max 255 printable chars with no spaces, quotation marks, angle brackets, nor backslashes)

action (string)

None

deploy, dry-run

Specifies the action to be performed on the ADC declaration

declaration (object)

None

See “ADC”

Indicates this document is an ADC declaration

Basic_Auth

Describes the basic authentication to access a resource

Name

Default

Values

Description

method (string)

None

basic

Specifies the authentication method

username (string)

None

None

Specifies the user name for authentication

passphrase (object)

None

None

Specifies the password for authentication

Basic_Monitor

Monitor definition

Name

Default

Values

Description

Basic_Monitor (string | object)

None

http, https, http2, icmp, inband, tcp, tcp-half-open | See “Pointer_Monitor”

Monitor definition

CA_Bundle

Bundle of one or more PKI Certificate-Authority certificates

Name

Default

Values

Description

class (string)

CA_Bundle

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

bundle (object)

None

None

Reference to a CA bundle or string of PEM encoded certificates

Certificate

Configures a Certificate

Name

Default

Values

Description

class (string)

Certificate

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

certificate (object)

None

None

X.509 public-key certificate

privateKey (object)

None

None

Private key matching certificate’s public key (optional)

chainCA (object,string)

None

None

Bundle of one or more CA certificates in trust-chain from root CA to certificate (optional)

passphrase (object)

None

None

If supplied, used to decrypt privateKey at runtime (optional)

Ciphers

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

Name

Default

Values

Description

Ciphers (string)

None

None

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

Constants

Named values for (re-)use by declaration objects

Name

Default

Values

Description

class (string)

Constants

None

None

Controls

Optional controls configuration

Name

Default

Values

Description

class (string)

Controls

None

None

logLevel (string)

None

emergency, alert, critical, error, warning, notice, info, debug

Controls the amount of detail in logs produced while configuring this Tenant (default is whole-declaration Controls/logLevel value)

traceResponse (boolean)

None

true, false

If true, the response will contain the trace files

userAgent (string)

None

None

User Agent information to include in TEEM report

Data_Group

Data group definition with configurable options

Name

Default

Values

Description

class (string)

Data_Group

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

keyDataType (string)

None

integer, ip, string

Specifies the type of record keys the data group contains. If string, the value will be escaped by default

records (array<Data_Group_Records>)

None

None

List of records

Data_Group_Records

A record object to store

Name

Default

Values

Description

key (string)

None

None

The key for referencing the record

value (string)

None

None

Value to store

DTLS_Client

DTLS Client Profile

Name

Default

Values

Description

authenticationTrustCA (object)

None

None

Pointer to the CA Bundle used to validate client certificates

allowExpiredCRL (boolean)

None

true, false

Specifies if the CRL can be used even if it has expired

class (string)

DTLS_Client

None

None

certificates (array<DTLS_Client_Certificates>)

None

None

Primary and (optional) additional certificates (order is significant, element 0 is the primary certificate)

ciphers (string)

DEFAULT

None

Ciphersuite selection string. Ciphers and cipherGroup are mutually exclusive, only use one

enableAuthentication (boolean)

None

true, false

Enables authentication

crlFile (object)

None

See “Pointer_BIGIP”

Specifies the name of a file containing a list of revoked client certificates

dtls1_0Enabled (boolean)

true

true, false

Allow DTLS 1.0 Ciphers

dtls1_2Enabled (boolean)

true

true, false

Allow DTLS 1.2 Ciphers

DTLS_Client_Certificates

DTLS_Client certificates

Name

Default

Values

Description

certificate (string)

None

None

None

DTLS_Server

DTLS Server Profile

Name

Default

Values

Description

authenticationTrustCA (object)

None

None

Pointer to the CA Bundle used to validate client certificates

class (string)

DTLS_Server

None

None

certificates (array<DTLS_Server_Certificates>)

None

None

Primary and (optional) additional certificates (order is significant, element 0 is the primary certificate)

ciphers (string)

DEFAULT

None

Ciphersuite selection string. Ciphers and cipherGroup are mutually exclusive, only use one

enableAuthentication (boolean)

None

true, false

Enables authentication

dtls1_0Enabled (boolean)

true

true, false

Allow DTLS 1.0 Ciphers

dtls1_2Enabled (boolean)

true

true, false

Allow DTLS 1.2 Ciphers

DTLS_Server_Certificates

DTLS_Server certificates

Name

Default

Values

Description

certificate (string)

None

None

None

F5_String

The value can be either a string, text property, base64 property, url property, etc.

Name

Default

Values

Description

F5_String (string | object)

None

None

The value can be either a string, text property, base64 property, url property, etc.

Hostname

Hostname

Name

Default

Values

Description

Hostname (string)

None

Pattern: [a-zA-Z_]+([a-zA-Z0-9-._]*)

Hostname

HTTP_Acceleration_Profile

HTTP acceleration profile with configurable options

Name

Default

Values

Description

class (string)

HTTP_Acceleration_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

agingRate (integer)

9

[0-10]

Rate at which a cache entry ages

cacheSize (integer)

100

[1-65536]

The maximum size (in megabytes) for the cache.

ignoreHeaders (string)

all

none, max-age, all

Which cache disabling headers will be ignored by the system

insertAgeHeaderEnabled (boolean)

true

true, false

Age and date headers are inserted into the response when enabled

maximumAge (integer)

3600

[0-4294967295]

How long (in seconds) the system will consider the cached content valid

maximumEntries (integer)

10000

[1-4294967295]

The maximum number of entries that can reside in the cache

maximumObjectSize (integer)

50000

[0-4294967295]

The largest object (in bytes) that the system will cache

minimumObjectSize (integer)

500

[0-4294967295]

The smallest object (in bytes) that the system will cache

uriExcludeList (array<string>)

None

None

A list of URIs that will be excluded from the cache

uriIncludeList (array<string>)

None

None

A list of URIs that will be cacheable

uriIncludeOverrideList (array<string>)

None

None

A list of URIs that should be cached even though they may normally not be due to existing constraints

uriPinnedList (array<string>)

None

None

A list of URIs that are kept in the cache regardless of maxAge or expiry settings

HTTP_Compress

HTTP Compression profile with configurable options

Name

Default

Values

Description

class (string)

HTTP_Compress

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

allowHTTP10 (boolean)

None

true, false

Specifies whether to forward HTTP 1.0 requests/responses (default false)

bufferSize (integer)

4096

[256-4294967295]

Maximum number of response octets to buffer before deciding whether to apply compression (default 4096)

contentTypeExcludes (array<string>)

None

None

List of response Content-Type values which BIG-IP AS3 should not compress. Values are regular expressions that match Content-Type strings

contentTypeIncludes (array<string>)

None

None

List of response Content-Type values which BIG-IP AS3 should compress. Values are regular expressions that match Content-Type strings

gzipLevel (integer)

1

[1-9]

Compression level (default 1); higher values produce greater compression but use more CPU cycles

gzipMemory (integer)

8

[1-256]

Compression memory allocation in kilobytes (default 8), should be a power of two

gzipWindowSize (integer)

16

[1-128]

Compression window size in kilobytes (default 16), should be a power of two

keepAcceptEncoding (boolean)

None

true, false

Specifies that the system does not remove the Accept-Encoding header from an HTTP request (default false)

uriExcludes (array<string>)

None

None

List of request URIs for which BIG-IP AS3 should not compress responses. Values are regular expressions that match request URI strings

uriIncludes (array<string>)

None

None

List of request URIs for which BIG-IP AS3 should compress responses. Values are regular expressions that match URI strings

HTTP_Profile

HTTP profile with configurable options

Name

Default

Values

Description

class (string)

HTTP_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

cookiePassphrase (string)

None

None

Used to create secret key for cookie encryption (when missing, BIG-IP AS3 uses a system-generated key)

encryptCookies (array<string>)

None

None

List of cookies to encrypt en route to the client and decrypt en route to a pool member

fallbackRedirect (string)

None

Pattern: ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?

Domain name (or IP address) of service (if any) to which BIG-IP AS3 should redirect a request when no pool member is responsive or selected pool member returns a fallbackStatusCode

requestChunking (string)

preserve

selective, preserve, rechunk, sustain

Controls handling of HTTP payload chunking in requests from clients (default is ‘preserve’). Note: ‘selective’ and ‘preserve’ will be translated to ‘sustain’.

responseChunking (string)

selective

selective, preserve, unchunk, rechunk, sustain

Controls handling of HTTP payload chunking in responses from pool members (default ‘selective’ adapts to most situations). Note: ‘selective’ and ‘preserve’ will be translated to ‘sustain’.

rewriteRedirects (string)

none

none, all, matching, addresses, nodes

In selected Location-header values (default none) of redirect responses from pool members, change protocol HTTP to HTTPS before passing redirects to clients

insertHeader (object)

None

None

You may insert one header into each request before BIG-IP AS3 sends it to a pool member. The header value may be a simple string or the result of an iRules TCL expression (for example, [IP::client_addr]). This is the most efficient way to insert a single header; to insert multiple headers use an iRule or an Endpoint policy

whiteOutHeader (string)

None

Pattern: [\x21-\x7E]+

You may name one request header you want whited-out of each request before BIG-IP AS3 sends it to a pool member. To remove more than a single named header, use an iRule or an Endpoint policy. (Whiting-out a header leaves its name but replaces its value in the request with space characters (ASCII 0x20) to avoid changing the length of the headers.)

xForwardedFor (boolean)

true

true, false

If true, insert an X-Forwarded-For header carrying the client IP address into each HTTP request sent to a pool member (default true)

serverHeaderValue (string)

BigIP

Pattern: [\x20-\x7E\x80-\xff\x09]+

Server header value to place in responses generated by the ADC itself (not obtained from a pool member)

HTTP2_Profile

Profile to enable HTTP2

Name

Default

Values

Description

class (string)

HTTP2_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

activationMode (string)

alpn

alpn, always

This setting specifies the condition that will cause the BIG-IP system to handle an incoming connection as an HTTP/2 connection.

concurrentStreamsPerConnection (integer)

10

[1-256]

The number of concurrent connections to allow on a single HTTP/2 connection.

enforceTlsRequirements (boolean)

true

true, false

Enable or disable enforcement of TLS requirements.

insertHeader (boolean)

None

true, false

This setting specifies whether the BIG-IP system should add an HTTP header to the HTTP request to show that the request was received over HTTP/2.

insertHeaderName (string)

X-HTTP2

None

This setting specifies the name of the header that the BIG-IP system will add to the HTTP request when the Insert Header is enabled.

IP_Address

IP address (v4 or v6)

Name

Default

Values

Description

IP_Address (object)

None

See “IPv4_Address” | See “IPv6_Address”

IP address (v4 or v6)

IP_Address_Range

IP address (v4 or v6) Range

Name

Default

Values

Description

IP_Address_Range (object)

None

See “IPv4_Address_Range” | See “IPv6_Address_Range”

IP address (v4 or v6) Range

IPv4_Address

IPv4 Address

Name

Default

Values

Description

IPv4_Address (string)

None

Pattern: ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$

IPv4 Address

IPv4_Address_Range

IPv4 Address Range

Name

Default

Values

Description

IPv4_Address_Range (string)

None

Pattern: ^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])((/([0-9]|[1-2][0-9]|3[0-2]))?|(-((([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])))?)$

IPv4 Address Range

IPv4_Netmask

IPv4 Netmask used to divide an IPv4 address into subnets and specify the network’s available hosts

Name

Default

Values

Description

IPv4_Netmask (string)

None

Pattern: ^((0|128|192|224|240|248|252|254|255).0.0.0|255.(0|128|192|224|240|248|252|254|255).0.0|255.255.(0|128|192|224|240|248|252|254|255).0|255.255.255.(0|128|192|224|240|248|252|254|255))$

IPv4 Netmask used to divide an IPv4 address into subnets and specify the network’s available hosts

IPv6_Address

IPv6 Address

Name

Default

Values

Description

IPv6_Address (string)

None

Pattern: ^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$

IPv6 Address

IPv6_Netmask

IPv6 Netmask used to divide an address into subnets and specify the network’s available hosts

Name

Default

Values

Description

IPv6_Netmask (string)

None

Pattern: ^(((0{0,4}|[Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}(:0{1,4}){0,5}|(:0{1,4}){7}|(:0{1,4}){1,6}::|(:0{1,4}){1,5}::0{1,4}|(:0{1,4}){1,4}:(:0{1,4}){1,2}|(:0{1,4}){1,3}:(:0{1,4}){1,3}|(:0{1,4}){1,2}:(:0{1,4}){1,4}|:0{1,4}:(:0{1,4}){1,5}))|(([Ff]{4}:){1}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}(:0{1,4}){0,4}|(:0{1,4}){6}|(:0{1,4}){1,5}::|(:0{1,4}){1,4}::0{1,4}?|(:0{1,4}){1,3}:(:0{1,4}){1,2}|(:0{1,4}){1,2}:(:0{1,4}){1,3}|:0{1,4}:(:0{1,4}){1,4}))|(([Ff]{4}:){2}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}(:0{1,4}){0,3}|(:0{1,4}){5}|(:0{1,4}){1,4}::|(:0{1,4}){1,3}::0{1,4}?|(:0{1,4}){1,2}:(:0{1,4}){1,2}|:0{1,4}:(:0{1,4}){1,3}))|(([Ff]{4}:){3}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}(:0{1,4}){0,2}|(:0{1,4}){4}|(:0{1,4}){1,3}::|(:0{1,4}){1,2}::0{1,4}?|:0{1,4}:(:0{1,4}){1,2}))|(([Ff]{4}:){4}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}(:0{1,4}){0,1}|(:0{1,4}){3}|(:0{1,4}){1,2}::|:0{1,4}::0{1,4}?))|(([Ff]{4}:){5}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(::|::0{1,4}|(:0{1,4}){2}|(:0{1,4})::))|(([Ff]{4}:){6}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)(:0{1,4}|::))|(([Ff]{4}:){7}([Ff]{3}[8CcEeFf0]|[Ff]{2}[8CcEeFf]0|[Ff][8CcEeFf]00|[8CcEeFf]000)))$

IPv6 Netmask used to divide an address into subnets and specify the network’s available hosts

IRule

iRule definition with configurable options

Name

Default

Values

Description

class (string)

iRule

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

iRule (object)

None

See “IRule_Core”

Reference to an iRule or text of an iRule

IRule_Core

Reference to an iRule or text of an iRule

Name

Default

Values

Description

IRule_Core (object)

None

See “F5_String”

Reference to an iRule or text of an iRule

JWE

A value in a cryptogram which is a Flattened JWE JSON Serialization object. If ‘miniJWE’ is true then enc=(none|f5sv) only (in JOSE header)

Name

Default

Values

Description

ciphertext (string)

None

None

Put base64url(data_value) here

protected (string)

eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0

None

If you see ‘protected’=‘eyJhbGciOiJkaXIiLCJlbmMiOiJmNXN2In0’, ‘ciphertext’ contains a base64url-encoded SecureVault cryptogram. JOSE header: alg=dir, enc=(none|f5sv); the default is enc=none (encoded, the default is ‘protected’=‘eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0’), used with the secret simply base64url-encoded into ‘ciphertext’.
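The two ‘protected’ values above decode to the JOSE headers alg=dir, enc=f5sv and alg=dir, enc=none; with enc=none the secret in ‘ciphertext’ is only encoded, so anyone who can read the declaration can recover it. The following is an added example, not part of the original reference or of F5's code: a Python audit that walks a parsed declaration and classifies every object carrying a ‘ciphertext’. The sample declaration, its object names (tenant1, app1, cert1 and so on), its nesting and the status labels are constructed for illustration.

```python
import base64
import json

# Default 'protected' value given in the JWE table: alg=dir, enc=none.
DEFAULT_PROTECTED = "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"


def b64url_decode(text):
    """Decode base64url text whose '=' padding has been stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    """Encode bytes as unpadded base64url (used to build the sample data)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jose_header(protected):
    """Return the JOSE header carried in a JWE 'protected' string."""
    return json.loads(b64url_decode(protected))


def classify(jwe):
    """Return (enc, status) for one object that carries a 'ciphertext'."""
    try:
        enc = jose_header(jwe.get("protected", DEFAULT_PROTECTED)).get("enc")
    except (ValueError, TypeError, AttributeError):
        # Bad base64, bad JSON, or a header that is not a JSON object.
        return None, "invalid-header"
    if enc == "none":
        return enc, "encoded-only"   # secret is recoverable by any reader
    if enc == "f5sv":
        return enc, "securevault"    # SecureVault cryptogram
    return enc, "unrecognized"       # the page lists only none and f5sv


def audit_jwe(node, path=""):
    """Walk a parsed declaration; return (json_path, enc, status) tuples.

    Secret values are never copied into the findings, so the report
    itself is safe to log.
    """
    findings = []
    if isinstance(node, dict):
        if "ciphertext" in node:
            findings.append((path, *classify(node)))
        for key, child in node.items():
            findings.extend(audit_jwe(child, f"{path}/{key}"))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            findings.extend(audit_jwe(child, f"{path}/{index}"))
    return findings


def _header(enc):
    """Build a 'protected' string for the constructed sample."""
    return b64url_encode(json.dumps({"alg": "dir", "enc": enc}).encode())


# Constructed sample declaration; every value here is made up.
SAMPLE = {
    "class": "ADC",
    "schemaVersion": "0.0.0",  # placeholder, not a real schema version
    "id": "constructed-example",
    "tenant1": {
        "app1": {
            "class": "Application",
            # No 'protected': the default (enc=none) applies.
            "cert1": {
                "class": "Certificate",
                "passphrase": {
                    "ciphertext": b64url_encode(b"constructed-secret"),
                },
            },
            "monitor1": {
                "class": "Monitor",
                "monitorType": "http",
                "passphrase": {
                    "ciphertext": b64url_encode(b"constructed-opaque-blob"),
                    "protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJmNXN2In0",
                },
            },
            "cert2": {
                "class": "Certificate",
                "passphrase": {
                    "ciphertext": b64url_encode(b"constructed"),
                    "protected": _header("A256GCM"),
                },
            },
            "cert3": {
                "class": "Certificate",
                "passphrase": {
                    "ciphertext": b64url_encode(b"constructed"),
                    "protected": b64url_encode(b"not-json"),
                },
            },
        }
    },
}

if __name__ == "__main__":
    for json_path, enc, status in audit_jwe(SAMPLE):
        print(f"{status:15} enc={enc!s:8} {json_path}")
```

Run as a pre-deployment check, a non-empty set of encoded-only findings identifies declarations that must be handled as plaintext secrets in source control and logs.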

L4_DSR_Profile

Configures a Fast Layer 4 DSR profile

Name

Default

Values

Description

class (string)

L4_DSR_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

idleTimeout (integer)

300

None

Number of seconds (default 300) connection may remain idle before it becomes eligible for deletion

looseClose (object)

true

See “Property_Loose_Close”

When true, system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server

looseInitialization (object)

None

See “Property_Loose_Initialization”

When true, system initializes a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation

resetOnTimeout (object)

true

See “Property_Reset_On_Timeout”

Specifies whether to reset connections on timeout

tcpCloseTimeout (object)

5

See “Property_TCP_Close_Timeout”

Specifies a TCP close timeout in seconds

tcpHandshakeTimeout (object)

5

See “Property_TCP_Handshake_Timeout”

Specifies a TCP handshake timeout in seconds

pvaAccelerationMode (object)

full

See “Property_PVA_Acceleration_Mode”

Specifies the preferred acceleration mode for the Packet Velocity ASIC (PVA) if the platform supports PVA acceleration. Full - Specifies the system applies full PVA acceleration when possible. Assisted - Specifies the system applies partial PVA acceleration. None - Specifies the system does not use PVA acceleration. Dedicated - Unconditionally enables ePVA acceleration for all TCP FastL4 connections. Inactive, but established connections are not removed from the ePVA to guarantee low latency forwarding for future packets.

pvaDynamicServerPackets (object)

None

See “Property_PVA_Dynamic_Server_Packets”

Indicates the number of server packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

pvaDynamicClientPackets (object)

1

See “Property_PVA_Dynamic_Client_Packets”

Indicates the number of client packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

ipTosToServer (integer)

None

[0-255]

Specify the Type of Service (TOS) handling for traffic flowing towards the server (default 0)

L4_Profile

Configures a Fast Layer 4 profile

Name

Default

Values

Description

class (string)

L4_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

idleTimeout (integer)

300

None

Number of seconds (default 300) connection may remain idle before it becomes eligible for deletion

looseClose (object)

None

See “Property_Loose_Close”

When true, system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server

looseInitialization (object)

None

See “Property_Loose_Initialization”

When true, system initializes a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation

resetOnTimeout (object)

true

See “Property_Reset_On_Timeout”

Specifies whether to reset connections on timeout

tcpCloseTimeout (object)

5

See “Property_TCP_Close_Timeout”

Specifies a TCP close timeout in seconds

tcpHandshakeTimeout (object)

5

See “Property_TCP_Handshake_Timeout”

Specifies a TCP handshake timeout in seconds

pvaAccelerationMode (object)

full

See “Property_PVA_Acceleration_Mode”

Specifies the preferred acceleration mode for the Packet Velocity ASIC (PVA) if the platform supports PVA acceleration. Full - Specifies the system applies full PVA acceleration when possible. Assisted - Specifies the system applies partial PVA acceleration. None - Specifies the system does not use PVA acceleration. Dedicated - Unconditionally enables ePVA acceleration for all TCP FastL4 connections. Inactive, but established connections are not removed from the ePVA to guarantee low latency forwarding for future packets.

pvaDynamicServerPackets (object)

None

See “Property_PVA_Dynamic_Server_Packets”

Indicates the number of server packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

pvaDynamicClientPackets (object)

1

See “Property_PVA_Dynamic_Client_Packets”

Indicates the number of client packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

Label

Optional friendly name for this object

Name

Default

Values

Description

Label (string)

None

None

Optional friendly name for this object

LastHop

Name of built-in last-hop method used for tracking of source MAC address of incoming connections. (default ‘default’ means use system setting)

Name

Default

Values

Description

LastHop (string)

default

default, auto, disable

Name of built-in last-hop method used for tracking of source MAC address of incoming connections. (default ‘default’ means use system setting)

MaxConnections

Specifies the maximum number of concurrent connections you want to allow for the virtual server

Name

Default

Values

Description

MaxConnections (integer)

None

[0-65535]

Specifies the maximum number of concurrent connections you want to allow for the virtual server

Metadata

Useful data-points for tracking, tagging, and organizing declarations.

Name

Default

Values

Description

value (string)

None

None

None

persist (boolean)

true

true, false

None

Mirroring

Controls connection-mirroring for high-availability

Name

Default

Values

Description

Mirroring (string)

None

none, L4

Controls connection-mirroring for high-availability

Monitor

Declares a (possibly complex) monitor

Name

Default

Values

Description

Monitor (object)

None

None

Declares a (possibly complex) monitor

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

monitorType (string)

None

http, https, http2, icmp, inband, tcp, tcp-half-open, udp

Specifies the type of monitor

Monitor_HTTP

Monitor HTTP definition

Name

Default

Values

Description

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

interval (integer)

5

[0-3600]

Poll interval (seconds)

monitorType (string)

None

None

Specifies the type of monitor

passphrase (object)

None

None

None

receive (string)

None

None

Mark node up upon receipt of this (backquote-expanded) string

receiveDown (string)

None

None

Mark node down upon receipt of this (backquote-expanded) string (optional; must be empty when ‘reverse’ is true)

send (string)

None

None

Send this (backquote-expanded) string to query node

tcp (object)

None

None

Specifies TCP settings for monitor communications.

timeout (integer)

16

[0-900]

Time limit for node to respond (seconds)

username (string)

None

None

Username if any for query authentication

Monitor_ICMP

Monitor ICMP definition

Name

Default

Values

Description

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

interval (integer)

5

[0-3600]

Poll interval (seconds)

monitorType (string)

None

None

Specifies the type of monitor

timeout (integer)

16

[0-900]

Time limit for node to respond (seconds)

Monitor_Inband

Monitor Inband definition

Name

Default

Values

Description

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

failureInterval (integer)

None

None

Specifies an interval, in seconds. If the number of failures specified in the failures option occurs within this interval, the system marks the pool member as being unavailable.

failures (integer)

None

None

Specifies the number of failures that the system allows to occur, within the time period specified in the failureInterval property, before marking a pool member unavailable. The multiple tmm processes use a per-process number to calculate failures, depending on the specified load. For example, for the Round Robin load balancing method, if there are N tmm processes and M pool members, and the Failures property is set to L, then up to N*M*L+1 failures can occur before the system marks the node as down. Specifying a value of 0 disables this option. A failure can be either a failure to connect or a failure of the pool member to respond within the time specified in the responseTime property.

monitorType (string)

None

None

Specifies the type of monitor

responseTime (integer)

None

None

Specifies an amount of time, in seconds. If the pool member does not respond with data after the specified amount of time has passed, the number of failures in this interval increments by 1. Specifying a value of 0 disables this option.

retryTime (integer)

None

None

Specifies the amount of time in seconds after the pool member has been marked unavailable before the system retries to connect to the pool member. Specifying a value of 0 disables this option.

Monitor_TCP

Monitor TCP definition

Name

Default

Values

Description

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

interval (integer)

5

[0-3600]

Poll interval (seconds)

monitorType (string)

None

None

Specifies the type of monitor

receive (string)

None

None

Mark node up upon receipt of this (backquote-expanded) string

receiveDown (string)

None

None

Mark node down upon receipt of this (backquote-expanded) string (optional; must be empty when ‘reverse’ is true)

send (string)

None

None

Send this (backquote-expanded) string to query node

tcp (object)

None

None

Specifies TCP settings for monitor communications.

timeout (integer)

16

[0-900]

Time limit for node to respond (seconds)

Monitor_TCP_Half_Open

Monitor properties available when monitorType = tcp-half-open

Name

Default

Values

Description

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

interval (integer)

5

[1-2147483647]

Poll interval (seconds)

monitorType (string)

None

None

Specifies the type of monitor

timeout (integer)

5

[1-2147483647]

Specifies, in seconds, the time in which the target must respond. The value of timeout should be less than or equal to interval.

Monitor_UDP

Monitor UDP definition

Name

Default

Values

Description

class (string)

Monitor

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

interval (integer)

5

[0-3600]

Poll interval (seconds)

monitorType (string)

None

None

Specifies the type of monitor

receive (string)

None

None

Mark node up upon receipt of this (backquote-expanded) string

send (string)

None

None

Send this (backquote-expanded) string to node

timeout (integer)

16

[0-900]

Time limit for node to respond (seconds)

udp (object)

None

None

None

Multiplex_Profile

Multiplex (OneConnect) profile with configurable options

Name

Default

Values

Description

class (string)

Multiplex_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

sourceMask (string)

None

None

Idle connection re-use applies to connections whose source address matches this mask

Persist

Declares persistence settings

Name

Default

Values

Description

Persist (object)

None

None

Declares persistence settings

class (string)

Persist

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

persistenceMethod (object)

None

See “Property_Persistence_Method”

You may customize each basic persistence method

Persist_Addr

Configures an address affinity persistence profile

Name

Default

Values

Description

class (string)

Persist

None

None

addressMask (object)

None

See “AddressMask”

Specifies the prefix length that you want to use as the mask. The default is None. The value can be the number of set bits in a bitmask (between 0 and 32 for IPv4) or a mask that specifies the portion of the address used.

addressMaskIPv6 (object)

None

See “AddressMaskIPv6”

Specifies the prefix length that you want to use as the mask. The default is None. The length must be the number of set bits in a bitmask between 0 and 128 for IPv6.

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

duration (object)

None

See “Property_Duration”

Lifetime of persistence record (seconds, default 0 means indefinite)

matchAcrossPools (object)

None

See “Property_Match_Across_Pools”

Specifies that the system can use any pool that contains this persistence record

matchAcrossVirtualAddresses (object)

None

See “Property_Match_Across_Virtual_Addresses”

Specifies that all persistent connections from the same client IP address go to the same node

matchAcrossVirtualPorts (object)

None

See “Property_Match_Across_Virtual_Ports”

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

persistenceMethod (object)

None

See “Property_Persistence_Method”

You may customize each basic persistence method

Persist_TLS_Session

Configures an address affinity persistence profile

Name

Default

Values

Description

class (string)

Persist

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

duration (object)

None

See “Property_Duration”

Lifetime of persistence record (seconds, default 0 means indefinite)

matchAcrossPools (object)

None

See “Property_Match_Across_Pools”

Specifies that the system can use any pool that contains this persistence record

matchAcrossVirtualAddresses (object)

None

See “Property_Match_Across_Virtual_Addresses”

Specifies that all persistent connections from the same client IP address go to the same node

matchAcrossVirtualPorts (object)

None

See “Property_Match_Across_Virtual_Ports”

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

persistenceMethod (object)

None

See “Property_Persistence_Method”

You may customize each basic persistence method

overrideConnectionLimit (object)

None

See “Property_Override_Connection_Limit”

If true, do not enforce pool member connection limit for persisted connections

Persist_UIE

Configures a universal persistence profile

Name

Default

Values

Description

class (string)

Persist

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

duration (object)

None

See “Property_Duration”

Lifetime of persistence record (seconds, default 0 means indefinite)

matchAcrossPools (object)

None

See “Property_Match_Across_Pools”

Specifies that the system can use any pool that contains this persistence record

matchAcrossVirtualAddresses (object)

None

See “Property_Match_Across_Virtual_Addresses”

Specifies that all persistent connections from the same client IP address go to the same node

matchAcrossVirtualPorts (object)

None

See “Property_Match_Across_Virtual_Ports”

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

persistenceMethod (object)

None

See “Property_Persistence_Method”

You may customize each basic persistence method

overrideConnectionLimit (object)

None

See “Property_Override_Connection_Limit”

If true, do not enforce pool member connection limit for persisted connections

iRule (object)

None

See “Pointer_IRule”

iRule reference

Pointer_Allow_Networks

Names of existing L3 Networks that the application will pass traffic to.

Name

Default

Values

Description

Pointer_Allow_Networks (array<Pointer_BIGIP>)

None

None

Names of existing L3 Networks that the application will pass traffic to.

Pointer_Allow_Vlans

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

Name

Default

Values

Description

Pointer_Allow_Vlans (array<Pointer_BIGIP>)

None

None

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

Pointer_Analytics_TCP_Profile

Reference for Analytics TCP Profile definition

Name

Default

Values

Description

Pointer_Analytics_TCP_Profile (object)

None

See “Pointer_Use” | None

Reference for Analytics TCP Profile definition

Pointer_BIGIP

Reference for a BIG-IP object

Name

Default

Values

Description

bigip (string)

None

None

Path to BIG-IP object

Pointer_BIGIP_Or_Use

Reference for a BIG-IP or Use object

Name

Default

Values

Description

Pointer_BIGIP_Or_Use (object)

None

None

Reference for a BIG-IP or Use object

Pointer_CA_Bundle

Reference to a CA Bundle

Name

Default

Values

Description

bigip (string)

None

None

Pathname of existing BIG-IP CA Bundle

use (object)

None

None

None

Pointer_CM

Reference for a CM object

Name

Default

Values

Description

cm (string)

None

None

Name of a CM object

Pointer_CM_Condition

System reference pointer (cm) condition check

Name

Default

Values

Description

Pointer_CM_Condition (object)

None

None

System reference pointer (cm) condition check

Pointer_CM_IRule

Reference for a CM iRule object

Name

Default

Values

Description

cm (object)

None

See “Pointer_CM_IRule_Properties”

CM iRule Pointer Data Object

Pointer_CM_IRule_Or_Use

System reference pointers (cm) or Use pointer

Name

Default

Values

Description

Pointer_CM_IRule_Or_Use (object)

None

None

System reference pointers (cm) or Use pointer

Pointer_CM_IRule_Properties

CM iRule Pointer Data Object

Name

Default

Values

Description

name (string)

None

None

None

version (string)

None

None

None

staged (boolean)

None

true, false

None

userId (string)

None

None

None

Pointer_CM_Or_Use

System reference pointers (cm) or Use pointer

Name

Default

Values

Description

Pointer_CM_Or_Use (object)

None

None

System reference pointers (cm) or Use pointer

Pointer_DTLS_Client

BIG-IP AS3 pointer to DTLS Client Profile

Name

Default

Values

Description

Pointer_DTLS_Client (string)

None

None

BIG-IP AS3 pointer to DTLS Client Profile

Pointer_DTLS_Server

BIG-IP AS3 pointer to DTLS Server Profile

Name

Default

Values

Description

Pointer_DTLS_Server (string)

None

None

BIG-IP AS3 pointer to DTLS Server Profile

Pointer_F5_String_Or_BIGIP

Reference for a property or BIG-IP object

Name

Default

Values

Description

Pointer_F5_String_Or_BIGIP (object)

None

None

Reference for a property or BIG-IP object

Pointer_HTTP_Acceleration_Profile

Reference to an HTTP Acceleration Profile

Name

Default

Values

Description

Pointer_HTTP_Acceleration_Profile (object)

None

None

Reference to an HTTP Acceleration Profile

bigip (string)

None

None

Pathname of existing BIG-IP HTTP Acceleration Profile

use (string)

None

None

AS3 pointer to HTTP Acceleration Profile declaration

Pointer_IRule

iRule reference

Name

Default

Values

Description

Pointer_IRule (object)

None

None

iRule reference

Pointer_IRules

List of iRule references

Name

Default

Values

Description

Pointer_IRules (array<Pointer_IRule>)

None

None

List of iRule references

Pointer_Monitor

Name or path to monitor

Name

Default

Values

Description

use (object)

None

None

None

Pointer_Multiplex_Profile

Reference for Multiplex Profile definition

Name

Default

Values

Description

Pointer_Multiplex_Profile (object)

None

See “Pointer_Use” | None

Reference for Multiplex Profile definition

Pointer_Persist_Declaration

Reference to a Persist Declaration

Name

Default

Values

Description

use (string)

None

None

BIG-IP AS3 pointer to Persist declaration

Pointer_Pool

Reference to a pool

Name

Default

Values

Description

Pointer_Pool (object)

None

See “Pointer_BIGIP_Or_Use” | None

Reference to a pool

Pointer_Pool_Object_Or_String

Reference to a pool

Name

Default

Values

Description

Pointer_Pool_Object_Or_String (object)

None

None

Reference to a pool

Pointer_Profile

BIG-IP AS3 pointer to Ingress Egress Profile declaration

Name

Default

Values

Description

Pointer_Profile (string)

None

None

BIG-IP AS3 pointer to Ingress Egress Profile declaration

Pointer_Profile_Analytics

Reference for Profile Analytics definition

Name

Default

Values

Description

Pointer_Profile_Analytics (object)

None

See “Pointer_Use” | None

Reference for Profile Analytics definition

Pointer_Profile_Fallback_Persistence

Reference for Profile Fallback Persistence

Name

Default

Values

Description

Pointer_Profile_Fallback_Persistence (object)

None

None

Reference for Profile Fallback Persistence

Pointer_Profile_FAST_L4_Persistence

Reference for Profile FAST L4 Persistence

Name

Default

Values

Description

Pointer_Profile_FAST_L4_Persistence (array<string | object>)

None

None

Reference for Profile FAST L4 Persistence

Pointer_Profile_HTTP_Persistence

Reference for Profile Persistence

Name

Default

Values

Description

Pointer_Profile_HTTP_Persistence (array<string | object>)

None

None

Reference for Profile Persistence

Pointer_Profile_Ingress_Egress

Reference use, ingress, and egress on profile

Name

Default

Values

Description

use (object)

None

None

None

ingress (object)

None

None

None

egress (object)

None

None

None

Pointer_Profile_L4

Reference for Profile L4

Name

Default

Values

Description

Pointer_Profile_L4 (object)

None

See “Pointer_Profile_Standard” | None

Reference for Profile L4

Pointer_Profile_Standard

Reference for a standard profile

Name

Default

Values

Description

Pointer_Profile_Standard (object)

None

See “Pointer_Use”

Reference for a standard profile

Pointer_Profile_Standard_Plus_Template

Reference for a standard profile with template

Name

Default

Values

Description

Pointer_Profile_Standard_Plus_Template (object)

None

None

Reference for a standard profile with template

Pointer_Profile_TCP_Persistence

Reference for Profile Persistence

Name

Default

Values

Description

Pointer_Profile_TCP_Persistence (array<string | object>)

None

None

Reference for Profile Persistence

Pointer_Profile_UDP_Persistence

Reference for Profile Persistence

Name

Default

Values

Description

Pointer_Profile_UDP_Persistence (array<string | object>)

None

None

Reference for Profile Persistence

Pointer_Reject_Vlans

Names of existing VLANs (or L3 Networks for Next) that the application will not pass traffic to.

Name

Default

Values

Description

Pointer_Reject_Vlans (array<Pointer_BIGIP>)

None

None

Names of existing VLANs (or L3 Networks for Next) that the application will not pass traffic to.

Pointer_SNAT

Reference for SNAT pointer (includes string and snat pool)

Name

Default

Values

Description

Pointer_SNAT (object)

None

None

Reference for SNAT pointer (includes string and snat pool)

Pointer_String

Reference that is a string

Name

Default

Values

Description

Pointer_String (string)

None

None

Reference that is a string

Pointer_System_All

All system reference pointers valid for the runtime (bigip, cm, etc.)

Name

Default

Values

Description

Pointer_System_All (object)

None

None

All system reference pointers valid for the runtime (bigip, cm, etc.)

Pointer_System_All_Condition

System reference pointers condition check

Name

Default

Values

Description

Pointer_System_All_Condition (object)

None

None

System reference pointers condition check

Pointer_System_All_List

List of All system reference pointers

Name

Default

Values

Description

Pointer_System_All_List (array<Pointer_System_All>)

None

None

List of All system reference pointers

Pointer_System_All_Or_F5_String

System reference pointers (all valid for the runtime) or F5 string

Name

Default

Values

Description

Pointer_System_All_Or_F5_String (object)

None

None

System reference pointers (all valid for the runtime) or F5 string

Pointer_System_All_Or_Use

System reference pointers (all valid for the runtime) or Use pointer

Name

Default

Values

Description

Pointer_System_All_Or_Use (object)

None

None

System reference pointers (all valid for the runtime) or Use pointer

Pointer_TLS_Forward_Proxy_Client

BIG-IP AS3 pointer to TLS Forward Proxy Client Profile

Name

Default

Values

Description

Pointer_TLS_Forward_Proxy_Client (string)

None

None

BIG-IP AS3 pointer to TLS Forward Proxy Client Profile

Pointer_TLS_Forward_Proxy_Server

BIG-IP AS3 pointer to TLS Forward Proxy Server Profile

Name

Default

Values

Description

Pointer_TLS_Forward_Proxy_Server (string)

None

None

BIG-IP AS3 pointer to TLS Forward Proxy Server Profile

Pointer_Use

Reference for use property

Name

Default

Values

Description

use (object)

None

See “Property_Use”

Path to object in declaration

Pointer_Use_Or_String

Reference for use property or string

Name

Default

Values

Description

Pointer_Use_Or_String (object)

None

None

Reference for use property or string

Pointer_Waf_Policy

Reference for WAF Policy definition

Name

Default

Values

Description

Pointer_Waf_Policy (object)

None

None

Reference for WAF Policy definition

Pool

Declares a service pool

Name

Default

Values

Description

class (string)

Pool

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

allowNetworks (array<Pointer_BIGIP>)

None

None

Names of existing L3 Networks the pool members accept traffic from.

allowVlans (array<Pointer_BIGIP>)

None

None

Names of existing VLANs the pool members accept traffic from. This is deprecated and will be removed in a future release.

loadBalancingMode (string)

round-robin

fastest-app-response, least-connections-member, predictive-member, ratio-least-connections-member, ratio-session, round-robin, weighted-round-robin

Load-balancing mode

slowRampTime (integer)

10

[0-4294967295]

Sets the ramp-up time (in seconds) to gradually ramp up the load on newly added or freshly detected up pool members

serviceDownAction (string)

none

none, reset, drop, reselect

The action to take if the service associated to this pool is marked down

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

monitors (array<object>)

None

None

None

members (array<Pool_Member>)

None

None

None

minimumMembersActive (integer)

None

[0-65535]

The minimum number of endpoints that must remain active in order to send traffic to that priority group. If value is zero, priority group functionality is disabled

service (boolean)

None

true, false

Specifies whether a standalone Service should be created for this Pool

Pool_Member

Declares a service pool member

Name

Default

Values

Description

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

addressDiscovery (string)

None

None

Selects how server (node) addresses are discovered

adminState (string)

enable

enable, disable, offline

Setting adminState to enable will create the node in an operational state. Set to disable to disallow new connections but allow existing connections to drain. Set to offline to force immediate termination of all connections

connectionLimit (integer)

None

[0-4294967295]

Maximum concurrent connections to member

priorityGroup (integer)

None

[0-65535]

None

rateLimit (integer)

None

[0-4294967295]

Maximum rate at which connections can be made to the pool member

ratio (integer)

None

[0-100]

Specifies the weight of the pool member for load balancing purposes

servicePort (integer)

None

[0-65535]

None

serverAddresses (array<IP_Address>)

None

None

Static IP addresses of servers (nodes)

servers (array<Pool_Member_Servers>)

None

None

Same as serverAddresses, but allowing for further specification of each node

shareNodes (boolean)

None

true, false

If enabled, nodes are created in /Common instead of the tenant’s partition

weight (integer)

None

[1-65535]

Specifies the weight for load balancing with weight-based load balancing methods

Pool_Member_Servers

Pool Member Servers

Name

Default

Values

Description

address (string)

None

See “IP_Address”

IP address (v4 or v6)

name (string)

None

None

None
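The ranges and enumerations in the Monitor, Pool and Pool_Member tables above can be checked before a declaration is submitted. The following is an added example, not F5 code: it walks a declaration, dispatches on each object's `class`, and reports values outside the documented ranges, including the tcp-half-open rule that timeout should not exceed interval. The tenant and application nesting, the object names and the sample values are constructed for illustration.

```python
import unicodedata
from typing import Any, Iterator, List

U16, U32 = (0, 65535), (0, 4294967295)
MONITOR_TYPES = {"http", "https", "http2", "icmp", "inband",
                 "tcp", "tcp-half-open", "udp"}
# property -> (min, max, default), copied from the Monitor_* tables on this page.
STANDARD = {"interval": (0, 3600, 5), "timeout": (0, 900, 16)}
HALF_OPEN = {"interval": (1, 2147483647, 5), "timeout": (1, 2147483647, 5)}
# Only monitor types with interval/timeout rows on this page are range-checked.
MONITOR_SPECS = {"http": STANDARD, "icmp": STANDARD, "tcp": STANDARD,
                 "udp": STANDARD, "tcp-half-open": HALF_OPEN}
POOL_ENUMS = {
    "loadBalancingMode": {"fastest-app-response", "least-connections-member",
                          "predictive-member", "ratio-least-connections-member",
                          "ratio-session", "round-robin", "weighted-round-robin"},
    "serviceDownAction": {"none", "reset", "drop", "reselect"},
}
POOL_RANGES = {"slowRampTime": U32, "minimumMembersActive": U16}
MEMBER_ENUMS = {"adminState": {"enable", "disable", "offline"}}
MEMBER_RANGES = {"connectionLimit": U32, "priorityGroup": U16, "rateLimit": U32,
                 "ratio": (0, 100), "servicePort": U16, "weight": (1, 65535)}


def _is_int_in(value: Any, lo: int, hi: int) -> bool:
    # bool is a subclass of int in Python, so reject it explicitly.
    return isinstance(value, int) and not isinstance(value, bool) and lo <= value <= hi


def _check_fields(obj: dict, path: str, enums: dict, ranges: dict) -> Iterator[str]:
    for key, allowed in enums.items():
        if key in obj and (not isinstance(obj[key], str) or obj[key] not in allowed):
            yield f"{path}.{key}: {obj[key]!r} is not one of {sorted(allowed)}"
    for key, (lo, hi) in ranges.items():
        if key in obj and not _is_int_in(obj[key], lo, hi):
            yield f"{path}.{key}: {obj[key]!r} is outside [{lo}-{hi}]"
    # "remark" does not allow control characters, double-quote, or backslash.
    remark = obj.get("remark")
    if isinstance(remark, str) and any(
            c in '"\\' or unicodedata.category(c) == "Cc" for c in remark):
        yield f"{path}.remark: contains a control character, double-quote or backslash"


def _check_monitor(obj: dict, path: str) -> Iterator[str]:
    mtype = obj.get("monitorType")
    spec = MONITOR_SPECS.get(mtype, {}) if isinstance(mtype, str) else {}
    ranges = {key: (lo, hi) for key, (lo, hi, _default) in spec.items()}
    yield from _check_fields(obj, path, {"monitorType": MONITOR_TYPES}, ranges)
    # tcp-half-open: timeout should be <= interval. Unset properties take the
    # defaults from that table, so setting only one of them can break the rule.
    if mtype == "tcp-half-open" and all(
            _is_int_in(obj.get(k, d), lo, hi) for k, (lo, hi, d) in spec.items()):
        interval = obj.get("interval", spec["interval"][2])
        timeout = obj.get("timeout", spec["timeout"][2])
        if timeout > interval:
            yield f"{path}: timeout {timeout} exceeds interval {interval}"


def lint(node: Any, path: str = "declaration") -> List[str]:
    """Return findings for every Monitor and Pool object found under node."""
    findings: List[str] = []
    if isinstance(node, dict):
        if node.get("class") == "Monitor":
            findings += _check_monitor(node, path)
        elif node.get("class") == "Pool":
            findings += _check_fields(node, path, POOL_ENUMS, POOL_RANGES)
            members = node.get("members")
            for i, member in enumerate(members if isinstance(members, list) else []):
                if isinstance(member, dict):
                    findings += _check_fields(member, f"{path}.members[{i}]",
                                              MEMBER_ENUMS, MEMBER_RANGES)
        for key, child in node.items():
            findings += lint(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            findings += lint(child, f"{path}[{i}]")
    return findings


# Constructed sample: names, nesting and values are illustrative only.
SAMPLE = {
    "class": "ADC",
    "id": "constructed-sample",
    "tenant1": {"app1": {
        "probe": {"class": "Monitor", "monitorType": "tcp-half-open", "interval": 3},
        "web_mon": {"class": "Monitor", "monitorType": "http",
                    "timeout": 1200, "remark": 'check "/health"'},
        "web_pool": {"class": "Pool", "loadBalancingMode": "round-robin",
                     "serviceDownAction": "reject",
                     "members": [
                         {"servicePort": 443, "ratio": 150, "adminState": "enable",
                          "serverAddresses": ["192.0.2.10"]},
                         {"servicePort": 8443, "weight": 0}]},
    }},
}

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The `probe` monitor sets only `interval`, so the finding there comes from the table default for `timeout`, which is easy to miss when reviewing a declaration by eye.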

Property_Always_Set

If true, set cookie with every HTTP response (default false)

Name

Default

Values

Description

Property_Always_Set (boolean)

None

true, false

If true, set cookie with every HTTP response (default false)

Property_Base64

A Base64-encoded value (base64 property)

Name

Default

Values

Description

Property_Base64 (object)

None

See “Resource_Base64”

A Base64-encoded value (base64 property)

Property_Duration

Lifetime of persistence record (seconds, default 0 means indefinite)

Name

Default

Values

Description

Property_Duration (integer)

None

[0-604800]

Lifetime of persistence record (seconds, default 0 means indefinite)

Property_Encrypt

If true, prevent disclosure of (or tampering with) ADC info in cookie (default false, to reduce latency)

Name

Default

Values

Description

Property_Encrypt (boolean)

None

true, false

If true, prevent disclosure of (or tampering with) ADC info in cookie (default false, to reduce latency)

Property_Idle_Timeout

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

Name

Default

Values

Description

Property_Idle_Timeout (integer)

None

None

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

Property_Loose_Close

When true, system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server

Name

Default

Values

Description

Property_Loose_Close (boolean)

None

true, false

When true, system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server

Property_Loose_Initialization

When true, system initializes a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation

Name

Default

Values

Description

Property_Loose_Initialization (boolean)

None

true, false

When true, system initializes a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation

Property_Match_Across_Pools

Specifies that the system can use any pool that contains this persistence record

Name

Default

Values

Description

Property_Match_Across_Pools (boolean)

None

true, false

Specifies that the system can use any pool that contains this persistence record

Property_Match_Across_Virtual_Addresses

Specifies that all persistent connections from the same client IP address go to the same node

Name

Default

Values

Description

Property_Match_Across_Virtual_Addresses (boolean)

None

true, false

Specifies that all persistent connections from the same client IP address go to the same node

Property_Match_Across_Virtual_Ports

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

Name

Default

Values

Description

Property_Match_Across_Virtual_Ports (boolean)

None

true, false

Specifies that all persistent connections from a client IP address that go to the same virtual IP address also go to the same node

Property_Names

Property names

Name

Default

Values

Description

Property_Names (object)

None

Pattern: ^[A-Za-z\x80-\uffff][0-9A-Za-z\x80-\uffff_:.-]*$

Property names

Property_Override_Connection_Limit

If true, do not enforce pool member connection limit for persisted connections

Name

Default

Values

Description

Property_Override_Connection_Limit (boolean)

None

true, false

If true, do not enforce pool member connection limit for persisted connections

Property_Passphrase

A passphrase (passphrase property)

Name

Default

Values

Description

Property_Passphrase (object)

None

See “Secret”

A passphrase (passphrase property)

Property_Persistence_Method

You may customize each basic persistence method

Name

Default

Values

Description

Property_Persistence_Method (string)

None

cookie, destination-address, source-address, tls-session-id, universal

You may customize each basic persistence method

Property_Proxy_Buffer_High

The system closes the receive window when the number of octets in proxy buffer rises above this value

Name

Default

Values

Description

Property_Proxy_Buffer_High (integer)

None

[16384-67108864]

The system closes the receive window when the number of octets in proxy buffer rises above this value

Property_Proxy_Buffer_Low

The system opens the receive window when the number of octets in proxy buffer falls below this value

Name

Default

Values

Description

Property_Proxy_Buffer_Low (integer)

None

[4096-67108864]

The system opens the receive window when the number of octets in proxy buffer falls below this value

Property_PVA_Acceleration_Mode

Specifies the preferred acceleration mode for the Packet Velocity ASIC (PVA) if the platform supports PVA acceleration. Full: the system applies full PVA acceleration when possible. Assisted: the system applies partial PVA acceleration. None: the system does not use PVA acceleration. Dedicated: unconditionally enables ePVA acceleration for all TCP FastL4 connections; inactive but established connections are not removed from the ePVA, to guarantee low-latency forwarding for future packets.

Name

Default

Values

Description

Property_PVA_Acceleration_Mode (string)

None

full, assisted, none, dedicated

Specifies the preferred acceleration mode for the Packet Velocity ASIC (PVA) if the platform supports PVA acceleration. Full: the system applies full PVA acceleration when possible. Assisted: the system applies partial PVA acceleration. None: the system does not use PVA acceleration. Dedicated: unconditionally enables ePVA acceleration for all TCP FastL4 connections; inactive but established connections are not removed from the ePVA, to guarantee low-latency forwarding for future packets.

Property_PVA_Dynamic_Client_Packets

Indicates the number of client packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

Name

Default

Values

Description

Property_PVA_Dynamic_Client_Packets (integer)

None

[0-10]

Indicates the number of client packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

Property_PVA_Dynamic_Server_Packets

Indicates the number of server packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

Name

Default

Values

Description

Property_PVA_Dynamic_Server_Packets (integer)

None

[0-10]

Indicates the number of server packets before dynamic ePVA hardware re-offloading occurs. The valid range is from 0 (zero) through 10.

Property_Reset_On_Timeout

Specifies whether to reset connections on timeout

Name

Default

Values

Description

Property_Reset_On_Timeout (boolean)

None

true, false

Specifies whether to reset connections on timeout

Property_Send_Buffer_Size

Maximum size of send buffer in bytes

Name

Default

Values

Description

Property_Send_Buffer_Size (integer)

None

[536-67108864]

Maximum size of send buffer in bytes

Property_TCP_Close_Timeout

Specifies a TCP close timeout in seconds

Name

Default

Values

Description

Property_TCP_Close_Timeout (integer)

None

[5-86400]

Specifies a TCP close timeout in seconds

Property_TCP_Handshake_Timeout

Specifies a TCP handshake timeout in seconds

Name

Default

Values

Description

Property_TCP_Handshake_Timeout (integer)

None

[5-86400]

Specifies a TCP handshake timeout in seconds

Property_Template

Template type for TCP. Use the advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

Name

Default

Values

Description

Property_Template (string)

None

lan, wan, mobile, normal, advanced

Template type for TCP. Use the advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

Property_Text

A text value (text property)

Name

Default

Values

Description

Property_Text (object)

None

See “Resource_Text”

A text value (text property)

Property_Ttl

Requested cookie lifetime (seconds, default 0 means session cookie)

Name

Default

Values

Description

Property_Ttl (integer)

None

[0-604800]

Requested cookie lifetime (seconds, default 0 means session cookie)

Property_Use

Path to object in declaration

Name

Default

Values

Description

Property_Use (string)

None

Pattern: ^[A-Za-z\x80-\uffff/][0-9A-Za-z\x80-\uffff_./-]*$

Path to object in declaration

RateLimit

Specifies the maximum number of connections per second allowed for a virtual server

Name

Default

Values

Description

RateLimit (integer)

None

[0-65535]

Specifies the maximum number of connections per second allowed for a virtual server

Remark

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

Name

Default

Values

Description

Remark (string)

None

Pattern: ^[^\x00-\x1f\x22\x5c\x7f]*$

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

Resource_Base64

A Base64-encoded value

Name

Default

Values

Description

Resource_Base64 (string)

None

None

A Base64-encoded value

Resource_Text

UTF-8 text (in JSON string)

Name

Default

Values

Description

Resource_Text (string)

None

None

UTF-8 text (in JSON string)

Resource_URL

The URL for a required resource

Name

Default

Values

Description

Resource_URL (string | object)

None

None

The URL for a required resource

Secret

A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

Name

Default

Values

Description

Secret (string | object)

None

None

A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

Service_Forwarding

Service Forwarding

Name

Default

Values

Description

class (string)

Service_Forwarding

None

None

enable (boolean)

true

true, false

None

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

forwardingType (string)

None

ip

None

mirroring (string)

none

none, L4

None

iRules (object)

None

See “Pointer_IRules”

List of iRule references

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

label (object)

None

See “Label”

Optional friendly name for this object

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

policyFirewallEnforced (object)

None

See “Pointer_System_All_List”

List of all system reference pointers

policyFirewallStaged (object)

None

See “Pointer_System_All_List”

List of all system reference pointers

profileL4 (object)

None

See “Pointer_Profile_L4”

Reference for Profile L4

serverNetwork (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

Service_HTTP

HTTP virtual server

Name

Default

Values

Description

class (string)

Service_HTTP

None

None

persistenceMethods (object)

cookie

See “Pointer_Profile_HTTP_Persistence”

Reference for Profile Persistence

fallbackPersistenceMethod (object)

None

See “Pointer_Profile_Fallback_Persistence”

Reference for Profile Fallback Persistence

clientTLS (object)

None

None

None

enable (boolean)

true

true, false

None

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

inspectionServices (array<Pointer_BIGIP>)

None

None

None

rateLimit (object)

None

See “RateLimit”

Specifies the maximum number of connections per second allowed for a virtual server

maxConnections (object)

None

See “MaxConnections”

Specifies the maximum number of concurrent connections you want to allow for the virtual server

lastHop (object)

default

See “LastHop”

Name of built-in last-hop method used for tracking of source MAC address of incoming connections. (default ‘default’ means use system setting)

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

rejectVlans (object)

None

See “Pointer_Reject_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will not pass traffic to.

profileAnalytics (object)

None

See “Pointer_Profile_Analytics”

Reference for Profile Analytics definition

profileAnalyticsTcp (object)

None

See “Pointer_Analytics_TCP_Profile”

Reference for Analytics TCP Profile definition

profileHTTP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

profileHTTP2 (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

profileHTTPCompression (object)

None

See “Pointer_Profile_Standard_Plus_Template”

Reference for a standard profile with template

profileHTTPAcceleration (object)

None

See “Pointer_HTTP_Acceleration_Profile”

Reference to an HTTP Acceleration Profile

profileMultiplex (object)

None

See “Pointer_Multiplex_Profile”

Reference for Multiplex Profile definition

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

serverTLS (object)

None

See “Pointer_String”

Reference that is a string

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

tap (object)

None

See “Pointer_Use”

Reference for use property

translateServerAddress (object)

true

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

translateClientPort (object)

None

See “TranslateClientPort”

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

iRules (object)

None

See “Pointer_IRules”

List of iRule references

policyAppMappingIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyFirewallEnforced (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyFirewallStaged (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyPerRequestAccess (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policySslOrchestrator (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyWAF (object)

None

See “Pointer_Waf_Policy”

Reference for WAF Policy definition

pool (object)

None

See “Pointer_Pool_Object_Or_String”

Reference to a pool

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

label (object)

None

See “Label”

Optional friendly name for this object

Service_HTTPS

HTTPS virtual server

Name

Default

Values

Description

class (string)

Service_HTTPS

None

None

clientTLS (object)

None

None

None

enable (boolean)

true

true, false

None

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

inspectionServices (array<Pointer_BIGIP>)

None

None

None

profileBotDefense (array<string | array<string>>)

None

None

Attaches a Bot Defense profile to the service

rateLimit (object)

None

See “RateLimit”

Specifies the maximum number of connections per second allowed for a virtual server

maxConnections (object)

None

See “MaxConnections”

Specifies the maximum number of concurrent connections you want to allow for the virtual server

lastHop (object)

default

See “LastHop”

Name of built-in last-hop method used for tracking of source MAC address of incoming connections. (default ‘default’ means use system setting)

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

rejectVlans (object)

None

See “Pointer_Reject_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will not pass traffic to.

fallbackPersistenceMethod (object)

None

See “Pointer_Profile_Fallback_Persistence”

Reference for Profile Fallback Persistence

persistenceMethods (object)

cookie

See “Pointer_Profile_HTTP_Persistence”

Reference for Profile Persistence

profileAnalytics (object)

None

See “Pointer_Profile_Analytics”

Reference for Profile Analytics definition

profileAnalyticsTcp (object)

None

See “Pointer_Analytics_TCP_Profile”

Reference for Analytics TCP Profile definition

profileHTTP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

profileHTTP2 (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

profileHTTPCompression (object)

None

See “Pointer_Profile_Standard_Plus_Template”

Reference for a standard profile with template

profileHTTPAcceleration (object)

None

See “Pointer_HTTP_Acceleration_Profile”

Reference to an HTTP Acceleration Profile

profileMultiplex (object)

None

See “Pointer_Multiplex_Profile”

Reference for Multiplex Profile definition

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

redirect80 (boolean)

None

true, false

None

serverTLS (object)

None

See “Pointer_String”

Reference that is a string

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

tap (object)

None

See “Pointer_Use”

Reference for use property

translateServerAddress (object)

true

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

translateClientPort (object)

None

See “TranslateClientPort”

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

iRules (object)

None

See “Pointer_IRules”

List of iRule references

policyAppMappingIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyFirewallEnforced (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyFirewallStaged (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyPerRequestAccess (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policySslOrchestrator (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyWAF (object)

None

See “Pointer_Waf_Policy”

Reference for WAF Policy definition

pool (object)

None

See “Pointer_Pool_Object_Or_String”

Reference to a pool

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

443

See “Virtual_Port”

Virtual port

Service_HTTPS_Forward_Proxy

HTTP forward proxy server

Name

Default

Values

Description

class (string)

Service_HTTPS_Forward_Proxy

None

None

enable (boolean)

true

true, false

None

iRules (object)

None

See “Pointer_IRules”

List of iRule references

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

label (object)

None

See “Label”

Optional friendly name for this object

rateLimit (object)

None

See “RateLimit”

Specifies the maximum number of connections per second allowed for a virtual server

maxConnections (object)

None

See “MaxConnections”

Specifies the maximum number of concurrent connections you want to allow for the virtual server

lastHop (object)

default

See “LastHop”

Name of built-in last-hop method used for tracking of source MAC address of incoming connections. (default ‘default’ means use system setting)

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

pool (object)

None

See “Pointer_Pool_Object_Or_String”

Reference to a pool

translateServerAddress (object)

true

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

translateClientPort (object)

None

See “TranslateClientPort”

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

clientTLS (object)

None

See “Pointer_TLS_Forward_Proxy_Client”

BIG-IP AS3 pointer to TLS Forward Proxy Client Profile

serverTLS (object)

None

See “Pointer_TLS_Forward_Proxy_Server”

BIG-IP AS3 pointer to TLS Forward Proxy Server Profile

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

profileHTTP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

policySslOrchestrator (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

Service_L4

Fast L4 virtual server

Name

Default

Values

Description

class (string)

Service_L4

None

None

enable (boolean)

true

true, false

Enables property function

profileL4 (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

rateLimit (object)

None

See “RateLimit”

Specifies the maximum number of connections per second allowed for a virtual server

maxConnections (object)

None

See “MaxConnections”

Specifies the maximum number of concurrent connections you want to allow for the virtual server

lastHop (object)

default

See “LastHop”

Name of built-in last-hop method used for tracking of source MAC address of incoming connections. (default ‘default’ means use system setting)

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

rejectVlans (object)

None

See “Pointer_Reject_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will not pass traffic to.

profileBotDefense (array<string | array<string>>)

None

None

Attaches a Bot Defense profile to the service

persistenceMethods (object)

source-address

See “Pointer_Profile_FAST_L4_Persistence”

Reference for Profile FAST L4 Persistence

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

translateServerAddress (object)

true

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

translateClientPort (object)

None

See “TranslateClientPort”

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

iRules (object)

None

See “Pointer_IRules”

List of iRule references

policyFirewallEnforced (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyFirewallStaged (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policySslOrchestrator (object)

None

See “Pointer_System_All”

Deprecated. Will be removed in a later release.

policyWAF (object)

None

See “Pointer_Waf_Policy”

Deprecated. Will be removed in a later release.

policyAppMappingIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyPerRequestAccess (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

pool (object)

None

None

None

Service_L4_DSR

Fast L4 DSR virtual server

Name

Default

Values

Description

class (string)

Service_L4_DSR

None

None

enable (boolean)

true

true, false

Enables property function

profileL4Dsr (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

lastHop (object)

default

See “LastHop”

Name of built-in last-hop method used for tracking of source MAC address of incoming connections. (default ‘default’ means use system setting)

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

rejectVlans (object)

None

See “Pointer_Reject_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will not pass traffic to.

profileBotDefense (array<string | array<string>>)

None

None

Attaches a Bot Defense profile to the service

persistenceMethods (object)

source-address

See “Pointer_Profile_FAST_L4_Persistence”

Reference for Profile FAST L4 Persistence

translateServerAddress (object)

true

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

translateClientPort (object)

preserve-strict

See “TranslateClientPort”

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

iRules (object)

None

See “Pointer_IRules”

List of iRule references

policyAppMappingIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyFirewallEnforced (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyFirewallStaged (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyPerRequestAccess (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

pool (object)

None

None

None

Service_Pool

Pool Service

Name

Default

Values

Description

class (string)

Service_Pool

None

None

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

label (object)

None

See “Label”

Optional friendly name for this object

translateServerAddress (object)

true

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

translateClientPort (object)

None

See “TranslateClientPort”

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

pool (object)

None

None

None

Service_TCP

TCP virtual server

Name

Default

Values

Description

class (string)

Service_TCP

None

None

enable (boolean)

true

true, false

None

clientTLS (object)

None

None

None

rateLimit (object)

None

See “RateLimit”

Specifies the maximum number of connections per second allowed for a virtual server

maxConnections (object)

None

See “MaxConnections”

Specifies the maximum number of concurrent connections you want to allow for the virtual server

lastHop (object)

default

See “LastHop”

Name of built-in last-hop method used for tracking of source MAC address of incoming connections. (default ‘default’ means use system setting)

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

rejectVlans (object)

None

See “Pointer_Reject_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will not pass traffic to.

fallbackPersistenceMethod (object)

None

See “Pointer_Profile_Fallback_Persistence”

Reference for Profile Fallback Persistence

persistenceMethods (object)

source-address

See “Pointer_Profile_TCP_Persistence”

Reference for Profile Persistence

profileAnalyticsTcp (object)

None

See “Pointer_Analytics_TCP_Profile”

Reference for Analytics TCP Profile definition

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

translateServerAddress (object)

true

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

translateClientPort (object)

None

See “TranslateClientPort”

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

iRules (object)

None

See “Pointer_IRules”

List of iRule references

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

inspectionServices (array<Pointer_BIGIP>)

None

None

None

policyFirewallEnforced (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyFirewallStaged (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policySslOrchestrator (object)

None

See “Pointer_System_All”

Deprecated. Will be removed in a later release.

policyWAF (object)

None

See “Pointer_Waf_Policy”

Deprecated. Will be removed in a later release.

policyAppMappingIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyPerRequestAccess (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

pool (object)

None

See “Pointer_Pool_Object_Or_String”

Reference to a pool

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

tap (object)

None

See “Pointer_Use”

Reference for use property

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

serverTLS (object)

None

See “Pointer_String”

Reference that is a string
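
The constraints listed above for Remark, RateLimit and the deprecated Service_L4 / Service_TCP properties can be checked before a declaration is submitted. The following is an added example, not F5 code: the names lint_service, remark_ok and SAMPLE and all sample values are constructed for illustration, and it assumes remark and rateLimit are given directly as a string and an integer. It also shows why the Remark pattern must be applied with a full match when ported to Python, where a bare `$` accepts a trailing newline.

```python
import re

# Character class copied from the Remark pattern on this page:
# control characters, double-quote (\x22), backslash (\x5c) and DEL (\x7f)
# are rejected.
REMARK_RE = re.compile(r"[^\x00-\x1f\x22\x5c\x7f]*")
DISALLOWED_RE = re.compile(r"[\x00-\x1f\x22\x5c\x7f]")

# The pattern exactly as documented. In Python, "$" also matches just before
# a trailing "\n", so re.match() with this form lets "text\n" through.
REMARK_NAIVE = re.compile(r"^[^\x00-\x1f\x22\x5c\x7f]*$")

RATE_LIMIT_RANGE = (0, 65535)  # RateLimit (integer) range from this page

# Properties this page marks "Deprecated. Will be removed in a later release."
DEPRECATED = {
    "Service_L4": {"policySslOrchestrator", "policyWAF"},
    "Service_TCP": {"policySslOrchestrator", "policyWAF"},
}


def remark_ok(text):
    """True only if the whole string satisfies the Remark pattern."""
    return REMARK_RE.fullmatch(text) is not None


def bad_remark_chars(text):
    """Return (index, repr(char)) for every character Remark rejects."""
    return [(m.start(), repr(m.group())) for m in DISALLOWED_RE.finditer(text)]


def lint_service(name, svc):
    """Check one Service_* object; return a list of finding strings."""
    findings = []
    cls = svc.get("class", "")

    remark = svc.get("remark")
    if remark is not None:
        if not isinstance(remark, str):
            findings.append(f"{name}.remark: expected a string")
        else:
            for index, char in bad_remark_chars(remark):
                findings.append(
                    f"{name}.remark: disallowed character {char} at index {index}"
                )

    rate = svc.get("rateLimit")
    if rate is not None:
        low, high = RATE_LIMIT_RANGE
        # bool is a subclass of int in Python, so exclude it explicitly.
        is_int = isinstance(rate, int) and not isinstance(rate, bool)
        if not is_int or not low <= rate <= high:
            findings.append(
                f"{name}.rateLimit: {rate!r} is not an integer in [{low}-{high}]"
            )

    for prop in sorted(DEPRECATED.get(cls, set()).intersection(svc)):
        findings.append(f"{name}.{prop}: deprecated for {cls}")

    return findings


# Constructed sample services (not taken from any real declaration).
SAMPLE = {
    "web": {"class": "Service_HTTP", "remark": "front door", "rateLimit": 500},
    "legacy": {
        "class": "Service_TCP",
        "remark": 'owner: "ops"\n',   # two double-quotes and a newline
        "rateLimit": 70000,           # above the documented maximum
        "policyWAF": "PLACEHOLDER",   # deprecated on Service_TCP
    },
}

if __name__ == "__main__":
    for service_name, service in SAMPLE.items():
        for finding in lint_service(service_name, service):
            print(finding)
```
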

Service_TCP_Forward_Proxy

TCP virtual server with forward proxy configuration

Name

Default

Values

Description

class (string)

Service_TCP_Forward_Proxy

None

None

enable (boolean)

true

true, false

None

rateLimit (object)

None

See “RateLimit”

Specifies the maximum number of connections per second allowed for a virtual server

maxConnections (object)

None

See “MaxConnections”

Specifies the maximum number of concurrent connections you want to allow for the virtual server

lastHop (object)

default

See “LastHop”

Name of built-in last-hop method used for tracking of source MAC address of incoming connections. (default ‘default’ means use system setting)

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

rejectVlans (object)

None

See “Pointer_Reject_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will not pass traffic to.

profileTCP (object)

None

See “Pointer_Profile_Ingress_Egress”

Reference use, ingress, and egress on profile

translateServerAddress (object)

true

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

translateClientPort (object)

None

See “TranslateClientPort”

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

iRules (object)

None

See “Pointer_IRules”

List of iRule references

policySslOrchestrator (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

pool (object)

None

See “Pointer_Pool_Object_Or_String”

Reference to a pool

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

clientTLS (object)

None

See “Pointer_TLS_Forward_Proxy_Client”

BIG-IP AS3 pointer to client TLS Proxy Profile

serverTLS (object)

None

See “Pointer_TLS_Forward_Proxy_Server”

BIG-IP AS3 pointer to server TLS Proxy Profile

Service_UDP

UDP virtual server

Name

Default

Values

Description

class (string)

Service_UDP

None

None

enable (boolean)

true

true, false

None

translateServerAddress (object)

true

See “TranslateServerAddress”

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

translateClientPort (object)

None

See “TranslateClientPort”

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

rateLimit (object)

None

See “RateLimit”

Specifies the maximum number of connections per second allowed for a virtual server

maxConnections (object)

None

See “MaxConnections”

Specifies the maximum number of concurrent connections you want to allow for the virtual server

lastHop (object)

default

See “LastHop”

Name of built-in last-hop method used for tracking of source MAC address of incoming connections. (default ‘default’ means use system setting)

metadata (object)

None

See “Metadata”

Useful data-points for tracking, tagging, and organizing declarations.

mirroring (object)

None

See “Mirroring”

Controls connection-mirroring for high-availability

allowNetworks (object)

None

See “Pointer_Allow_Networks”

Names of existing L3 Networks that the application will pass traffic to.

allowVlans (object)

None

See “Pointer_Allow_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will pass traffic to.

rejectVlans (object)

None

See “Pointer_Reject_Vlans”

Names of existing VLANs (or L3 Networks for Next) that the application will not pass traffic to.

fallbackPersistenceMethod (object)

None

See “Pointer_Profile_Fallback_Persistence”

Reference for Profile Fallback Persistence

persistenceMethods (object)

source-address

See “Pointer_Profile_UDP_Persistence”

Reference for Profile Persistence

profileUDP (object)

None

See “Pointer_Profile_Standard”

Reference for a standard profile

profileBotDefense (array<string | array<string>>)

None

None

None

iRules (object)

None

See “Pointer_IRules”

List of iRule references

inlineConnector (object)

None

See “Pointer_Use”

Reference for use property

inspectionServices (array<Pointer_BIGIP>)

None

None

None

policyFirewallEnforced (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyFirewallStaged (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policySslOrchestrator (object)

None

See “Pointer_System_All”

Deprecated. Will be removed in a later release.

policyWAF (object)

None

See “Pointer_Waf_Policy”

Deprecated. Will be removed in a later release.

policyAppMappingIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyIAM (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

policyPerRequestAccess (object)

None

See “Pointer_System_All”

All system reference pointers valid for the runtime (bigip, cm, etc.)

pool (object)

None

See “Pointer_Pool_Object_Or_String”

Reference to a pool

snat (object)

None

See “Pointer_SNAT”

Reference for SNAT pointer (includes string and snat pool)

clientDTLS (object)

None

See “Pointer_DTLS_Client”

BIG-IP AS3 pointer to DTLS Client Profile

serverDTLS (object)

None

See “Pointer_DTLS_Server”

BIG-IP AS3 pointer to DTLS Server Profile

tap (object)

None

See “Pointer_Use”

Reference for use property

virtualAddresses (object)

None

See “Virtual_Addresses”

Virtual addresses array

virtualPort (object)

80

See “Virtual_Port”

Virtual port

SNAT_Pool

SNAT pool

Name

Default

Values

Description

class (string)

SNAT_Pool

None

None

label (object)

None

See “Label”

Optional friendly name for this object

snatAddresses (array<string>)

None

None

List of SNAT addresses; may include both IPv4 and IPv6

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

Target

Target properties which indicate where the declaration should be configured

Name

Default

Values

Description

address (object)

None

None

IP address (v4 or v6) or Hostname

TCP_Profile

Declares a TCP Profile. The property ‘template’ can be used to set the default properties for TCP Profile (WAN, LAN, and Mobile).

Name

Default

Values

Description

TCP_Profile (object)

None

None

Declares a TCP Profile. The property ‘template’ can be used to set the default properties for TCP Profile (WAN, LAN, and Mobile).

class (string)

TCP_Profile

None

None

ackOnPush (boolean)

true

true, false

When enabled, significantly improves performance to Microsoft Windows and macOS peers who are writing out on a very small send buffer. The default value is true.

appropriateByteCounting (boolean)

true

true, false

When enabled, increases the congestion window by basing the increase amount on the number of previously unacknowledged bytes that each ACK covers. The default value is true.

enhancedLossRecovery (boolean)

true

true, false

When enabled, specifies that the system uses enhanced loss recovery to recover from random packet losses more effectively. The default value is true.

explicitCongestionNotification (boolean)

true

true, false

When enabled, the system uses the explicit congestion notification (ECN) TCP flags CWR (congestion window reduced) and ECE (ECN-echo) to notify its peer of congestion and congestion counter-measures. The default value is true.

fastOpen (boolean)

true

true, false

When enabled, permits TCP Fast Open, allowing properly equipped TCP clients to send data with the SYN packet. This option has no effect on server-side TCP profiles. The default value is true.

idleTimeout (object)

None

See “Property_Idle_Timeout”

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

indirectSource (string)

None

See “IP_Address”

Specify the Indirect Source IP for return packets. This is used if the destination of the outgoing packet is different from the source of the incoming packet.

ipTosToClient (integer)

None

[0-65535]

Specify the Type of Service (TOS) handling for traffic flowing towards the server (default 0)

minimumRto (integer)

1000

[10-5000]

Specifies the minimum TCP retransmission timeout in milliseconds. The default value is 1000 milliseconds.

nagle (string)

auto

disable, enable, auto

Value ‘enable’ means to use Nagle’s algorithm to minimize the transmission of short TCP segments (note: Nagle’s algorithm yields undesirable results with many application protocols). Value ‘auto’ (default) means the ADC will choose automatically whether to enable Nagle’s algorithm. Value ‘disable’ averts application of Nagle’s algorithm

pktLossIgnoreBurst (integer)

None

[0-32]

Specifies the probability of performing congestion control when multiple packets in a row are lost even if the packetLossIgnoreRate was not exceeded. Valid values are 0 to 32. The default is 0, meaning that the system should perform congestion control if any packets are lost. Higher values decrease the chance of performing congestion control.

pktLossIgnoreRate (integer)

None

[0-1000000]

Specifies the threshold of packets lost per million at which the system should perform congestion control. Valid values for n are 0 to 1,000,000. The default is 0, meaning the system should perform congestion control if any packet loss occurs. If you set the ignore rate to 10 and packet loss for a TCP connection is greater than 10 per million, congestion control occurs.

proxyBufferHigh (object)

131072

See “Property_Proxy_Buffer_High”

The system closes the receive window when the number of octets in proxy buffer rises above this value

proxyBufferLow (object)

98304

See “Property_Proxy_Buffer_Low”

The system opens the receive window when the number of octets in proxy buffer falls below this value

proxyOptions (boolean)

None

true, false

Specifies, when enabled, that the system advertises an option, such as a time-stamp, to the server only if it was negotiated with the client. The default value is false.

resetOnTimeout (object)

true

See “Property_Reset_On_Timeout”

Specifies whether to reset connections on timeout

sendBufferSize (object)

131072

See “Property_Send_Buffer_Size”

Maximum size of send buffer in bytes

template (object)

advanced

See “Property_Template”

Template type for tcp. Use advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

verifiedAccept (boolean)

None

true, false

When enabled, the system verifies that the pool member is available to accept the connection by sending the server a SYN before responding to the client’s SYN with a SYN-ACK.

zeroWindowTimeout (integer)

20000

[0-4294967295]

Specifies the timeout in milliseconds for terminating a connection with an effective zero length TCP transmit window. The timeout starts when the peer advertises a zero length TCP window or when enough data has been sent to fill the previously advertised window. The timer is canceled when a non-zero length window is received. The default is 20000 milliseconds.

TCP_Profile_Advanced

TCP Profile for Advanced template

Name

Default

Values

Description

TCP_Profile_Advanced (object)

None

See “TCP_Profile_Advanced_Properties”

TCP Profile for Advanced template

class (string)

TCP_Profile

None

None

TCP_Profile_Advanced_Monitor_Properties

TCP Profile properties for Advanced Monitors

Name

Default

Values

Description

TCP_Profile_Advanced_Monitor_Properties (object)

None

See “TCP_Profile_Advanced_Properties”

TCP Profile properties for Advanced Monitors

TCP_Profile_Advanced_Properties

TCP Profile properties for Advanced template

Name

Default

Values

Description

ackOnPush (boolean)

true

true, false

When enabled, significantly improves performance to Microsoft Windows and macOS peers who are writing out on a very small send buffer. The default value is true.

appropriateByteCounting (boolean)

true

true, false

When enabled, increases the congestion window by basing the increase amount on the number of previously unacknowledged bytes that each ACK covers. The default value is true.

enhancedLossRecovery (boolean)

true

true, false

When enabled, specifies that the system uses enhanced loss recovery to recover from random packet losses more effectively. The default value is true.

explicitCongestionNotification (boolean)

true

true, false

When enabled, the system uses the explicit congestion notification (ECN) TCP flags CWR (congestion window reduced) and ECE (ECN-echo) to notify its peer of congestion and congestion counter-measures. The default value is true.

fastOpen (boolean)

true

true, false

When enabled, permits TCP Fast Open, allowing properly equipped TCP clients to send data with the SYN packet. This option has no effect on server-side TCP profiles. The default value is true.

idleTimeout (object)

None

See “Property_Idle_Timeout”

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

indirectSource (string)

None

See “IP_Address”

Specify the Indirect Source IP for return packets. This is used if the destination of the outgoing packet is different from the source of the incoming packet.

ipTosToClient (integer)

None

[0-65535]

Specify the Type of Service (TOS) handling for traffic flowing towards the server (default 0)

minimumRto (integer)

1000

None

Specifies the minimum TCP retransmission timeout in milliseconds. The default value is 1000 milliseconds.

nagle (string)

auto

disable, enable, auto

Enables or disables the auto setting for Nagle’s algorithm. The default is auto.

pktLossIgnoreBurst (integer)

None

None

Specifies the probability of performing congestion control when multiple packets in a row are lost even if the packetLossIgnoreRate was not exceeded. Valid values are 0 to 32. The default is 0, meaning that the system should perform congestion control if any packets are lost. Higher values decrease the chance of performing congestion control.

pktLossIgnoreRate (integer)

None

None

Specifies the threshold of packets lost per million at which the system should perform congestion control. Valid values for n are 0 to 1,000,000. The default is 0, meaning the system should perform congestion control if any packet loss occurs. If you set the ignore rate to 10 and packet loss for a TCP connection is greater than 10 per million, congestion control occurs.

proxyBufferHigh (object)

131072

See “Property_Proxy_Buffer_High”

The system closes the receive window when the number of octets in proxy buffer rises above this value

proxyBufferLow (object)

98304

See “Property_Proxy_Buffer_Low”

The system opens the receive window when the number of octets in proxy buffer falls below this value

proxyOptions (boolean)

None

true, false

Specifies, when enabled, that the system advertises an option, such as a time-stamp, to the server only if it was negotiated with the client. The default value is false.

resetOnTimeout (object)

true

See “Property_Reset_On_Timeout”

Specifies whether to reset connections on timeout

sendBufferSize (object)

131072

See “Property_Send_Buffer_Size”

Maximum size of send buffer in bytes

template (object)

None

See “Property_Template”

Template type for tcp. Use advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

verifiedAccept (boolean)

None

true, false

When enabled, the system verifies that the pool member is available to accept the connection by sending the server a SYN before responding to the client’s SYN with a SYN-ACK.

zeroWindowTimeout (integer)

20000

None

Specifies the timeout in milliseconds for terminating a connection with an effective zero length TCP transmit window. The timeout starts when the peer advertises a zero length TCP window or when enough data has been sent to fill the previously advertised window. The timer is canceled when a non-zero length window is received. The default is 20000 milliseconds.

TCP_Profile_Lan

TCP Profile for LAN template

Name

Default

Values

Description

class (string)

TCP_Profile

None

None

fastOpen (boolean)

true

true, false

When enabled, permits TCP Fast Open, allowing properly equipped TCP clients to send data with the SYN packet. This option has no effect on server-side TCP profiles. The default value is true.

idleTimeout (object)

None

See “Property_Idle_Timeout”

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

proxyBufferHigh (object)

65535

See “Property_Proxy_Buffer_High”

The system closes the receive window when the number of octets in proxy buffer rises above this value

proxyBufferLow (object)

32768

See “Property_Proxy_Buffer_Low”

The system opens the receive window when the number of octets in proxy buffer falls below this value

sendBufferSize (object)

65535

See “Property_Send_Buffer_Size”

Maximum size of send buffer in bytes

template (object)

None

See “Property_Template”

Template type for tcp. Use advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

verifiedAccept (boolean)

None

true, false

When enabled, the system verifies that the pool member is available to accept the connection by sending the server a SYN before responding to the client’s SYN with a SYN-ACK.

TCP_Profile_Mobile

TCP Profile for Mobile template

Name

Default

Values

Description

class (string)

TCP_Profile

None

None

idleTimeout (object)

None

See “Property_Idle_Timeout”

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

proxyBufferHigh (object)

262144

See “Property_Proxy_Buffer_High”

The system closes the receive window when the number of octets in proxy buffer rises above this value

proxyBufferLow (object)

196608

See “Property_Proxy_Buffer_Low”

The system opens the receive window when the number of octets in proxy buffer falls below this value

sendBufferSize (object)

262144

See “Property_Send_Buffer_Size”

Maximum size of send buffer in bytes

template (object)

None

See “Property_Template”

Template type for tcp. Use advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

TCP_Profile_Wan

TCP Profile for WAN template

Name

Default

Values

Description

class (string)

TCP_Profile

None

None

fastOpen (boolean)

true

true, false

When enabled, permits TCP Fast Open, allowing properly equipped TCP clients to send data with the SYN packet. This option has no effect on server-side TCP profiles. The default value is true.

idleTimeout (object)

None

See “Property_Idle_Timeout”

Number of seconds (may not be 0) connection may remain idle before it becomes eligible for deletion

proxyBufferHigh (object)

262144

See “Property_Proxy_Buffer_High”

The system closes the receive window when the number of octets in proxy buffer rises above this value

proxyBufferLow (object)

196608

See “Property_Proxy_Buffer_Low”

The system opens the receive window when the number of octets in proxy buffer falls below this value

sendBufferSize (object)

262144

See “Property_Send_Buffer_Size”

Maximum size of send buffer in bytes

template (object)

None

See “Property_Template”

Template type for tcp. Use advanced template to configure TCP Profile properties beyond idleTimeout, sendBufferSize, proxyBufferLow, and proxyBufferHigh.

verifiedAccept (boolean)

None

true, false

When enabled, the system verifies that the pool member is available to accept the connection by sending the server a SYN before responding to the client’s SYN with a SYN-ACK.

Tenant

Declares a Tenant

Name

Default

Values

Description

class (string)

Tenant

None

None

controls (object)

None

See “Controls”

Optional controls configuration

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

constants (object)

None

See “Constants”

Named values for (re-)use by declaration objects

TLS_Client

TLS Client Profile

Name

Default

Values

Description

alertTimeout (integer,string)

None

None

Specifies the duration, in seconds, for which the system tries to close an SSL connection before resetting the connection.

allowExpiredCRL (boolean)

None

true, false

Specifies if the CRL can be used even if it has expired

authenticationDepth (integer)

None

[0-15]

Server certificate verification depth. The default value is 9, meaning maximum client certificate chain traversal depth for verification is set to 9

authenticationFrequency (string)

None

one-time, every-time

Client certificate authentication frequency

cacheSize (integer)

None

[0-4194304]

Specifies the number of sessions in the SSL session cache.

certificates (array<TLS_Client_Certificates>)

None

None

Primary and (optional) additional certificates (order is significant, element 0 is the primary certificate)

ciphers (object)

DEFAULT

See “Ciphers”

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

class (string)

TLS_Client

None

None

crlFile (object)

None

See “Pointer_BIGIP”

Specifies the name of a file containing a list of revoked client certificates

enableAuthentication (boolean)

None

true, false

Specifies the flag that enables or disables server certificate verification.

expiredCAAction (string)

None

drop, ignore

Specifies the action (‘drop’ or ‘ignore’) to take when the server’s certificate is expired. If the server’s certificate is expired: A ‘drop’ action will drop the connection. An ‘ignore’ action will ignore the validation error and proceed to establish the connection. The default action is ‘drop’.

handshakeTimeout (integer)

None

[1-4294967295]

Specifies the duration, in seconds, that the system tries to establish an SSL connection before halting the operation.

namedGroups (string)

None

None

Specifies the Diffie Hellman groups used to negotiate SSL/TLS connections.

renegotiationEnabled (boolean)

None

true, false

Controls on a per-connection basis how the system responds to mid-stream SSL reconnection requests.

renegotiatePeriod (integer,string)

None

None

Specifies whether the system renegotiates the SSL session after a specified amount of time in seconds has passed. A value of 0 (zero) specifies that the system does not renegotiate based on time interval.

renegotiateSize (integer,string)

None

None

Specifies whether the system renegotiates the SSL session after a specified amount of data in megabytes has been exchanged. A value of 0 (zero) specifies that the system does not renegotiate based on amount of data exchanged.

revokedCAAction (string)

None

drop, ignore

Specifies the action (‘drop’ or ‘ignore’) to take when the server’s certificate is revoked. If the server’s certificate is revoked: A ‘drop’ action will drop the connection. An ‘ignore’ action will ignore the validation error and proceed to establish the connection. The default action is ‘drop’.

secureRenegotiation (string)

None

request, require, require-strict

Specifies the secure renegotiation mode. The default is require-strict.

serverName (string)

None

None

FQDN which server certificate must match (optional)

signatureAlgorithms (array<string>)

None

None

Specifies the signature algorithms used to negotiate SSL/TLS connections.

tls1_1Enabled (boolean)

true

true, false

Allow TLS 1.1 Ciphers.

tls1_2Enabled (boolean)

true

true, false

Allow TLS 1.2 Ciphers.

tls1_3Enabled (boolean)

true

true, false

Allow TLS 1.3 Ciphers.

trustCA (object)

None

None

CAs trusted to validate the server certificate.

untrustedCAAction (string)

None

drop, ignore

Specifies the action (‘drop’ or ‘ignore’) to take when the server certificate has an untrusted CA. If there is a server certificate validation error: A ‘drop’ action will drop the connection. An ‘ignore’ action will ignore the validation error and proceed to establish the connection. The default action is ‘drop’.

TLS_Client_Certificates

TLS_Client certificates

Name

Default

Values

Description

certificate (string)

None

None

None

TLS_Forward_Proxy_Client

TLS Forward Proxy Client Profile

Name

Default

Values

Description

class (string)

TLS_Forward_Proxy_Client

None

None

ciphers (object)

DEFAULT

See “Ciphers”

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

enableAuthentication (boolean)

None

true, false

Specifies the flag that enables or disables server certificate verification.

tls1_1Enabled (boolean)

true

true, false

Allow TLS 1.1 Ciphers.

tls1_2Enabled (boolean)

true

true, false

Allow TLS 1.2 Ciphers.

tls1_3Enabled (boolean)

true

true, false

Allow TLS 1.3 Ciphers.

signatureAlgorithms (array<string>)

None

None

Specifies the signature algorithms used to negotiate SSL/TLS connections.

namedGroups (array<string>)

None

None

Specifies the Diffie Hellman groups used to negotiate SSL/TLS connections.

trustCA (object)

None

None

CAs trusted to validate the server certificate.

expiredCAAction (string)

drop

drop, ignore, mask

Specifies the action (‘drop’, ‘ignore’ or ‘mask’) to take when the server’s certificate is expired. If the server’s certificate is expired: A ‘drop’ action will drop the connection. An ‘ignore’ action will present a certificate with the same expired attributes (notBefore and notAfter) as the server certificate. A ‘mask’ action will mask the expired certificate by presenting a certificate with a notAfter attribute equal to the current time plus the configured certificate lifespan. The default action is ‘drop’.

untrustedCAAction (string)

drop

drop, ignore, mask

Specifies the action (‘drop’, ‘ignore’ or ‘mask’) to take when the server certificate has an untrusted CA. If there is a server certificate validation error: A ‘drop’ action will drop the connection. An ‘ignore’ action will replace the original ‘CN’ with ‘Unknown CA’. A ‘mask’ action will mask the error by presenting a certificate with a new issuer name equivalent to the subject name of the selected signing CA. The default action is ‘drop’.

bypassOnHandshakeFailure (boolean)

None

true, false

Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert messages during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled.

bypassOnClientCertificateFailure (boolean)

None

true, false

Enables or disables SSL forward proxy bypass on failing to present client certificate to the server. When enabled and the SSL handshake cannot be completed because of failure to get the client certificate, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled.
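As an added example (not F5 code), the following Python check walks a declaration and reports the TLS_Client and TLS_Forward_Proxy_Client settings described above that keep a connection alive after certificate validation fails or that pass traffic undecrypted. The sample declaration, its object names, the `Application` wrapper, and the `audit_tls` helper are constructed for illustration; property names, values, and defaults are taken from the tables on this page.

```python
import json

# Per-class CA action properties and the values that do NOT drop the
# connection, as listed in the tables on this page.
CA_ACTIONS = {
    "TLS_Client": {
        "props": ("expiredCAAction", "revokedCAAction", "untrustedCAAction"),
        "risky": {"ignore"},
    },
    "TLS_Forward_Proxy_Client": {
        "props": ("expiredCAAction", "untrustedCAAction"),
        "risky": {"ignore", "mask"},
    },
}
# Bypass switches exist only on the forward proxy client profile.
BYPASS_PROPS = ("bypassOnHandshakeFailure", "bypassOnClientCertificateFailure")


def iter_objects(node, path=""):
    """Yield (path, obj) for every dict that carries a string 'class'."""
    if isinstance(node, dict):
        if isinstance(node.get("class"), str):
            yield path or "/", node
        for key, value in node.items():
            yield from iter_objects(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_objects(value, f"{path}/{index}")


def audit_tls(declaration):
    """Return a list of (path, property, message) findings."""
    findings = []
    for path, obj in iter_objects(declaration):
        rules = CA_ACTIONS.get(obj["class"])
        if rules is None:
            continue
        for prop in rules["props"]:
            value = obj.get(prop)
            if value in rules["risky"]:
                findings.append((path, prop,
                                 f"'{value}' does not drop the connection "
                                 "on a validation error"))
        # Only an explicit false is flagged; the page lists no default.
        if obj.get("enableAuthentication") is False:
            findings.append((path, "enableAuthentication",
                             "server certificate verification is disabled"))
        # The page gives true as the default for both classes.
        if obj.get("tls1_1Enabled", True) is True:
            findings.append((path, "tls1_1Enabled",
                             "TLS 1.1 is allowed (default is true)"))
        if obj["class"] == "TLS_Forward_Proxy_Client":
            for prop in BYPASS_PROPS:
                if obj.get(prop) is True:
                    findings.append((path, prop,
                                     "traffic bypasses decryption on failure"))
    return findings


# Constructed sample declaration; all names are hypothetical.
SAMPLE = json.loads("""
{
  "class": "ADC",
  "Sample_Tenant": {
    "class": "Tenant",
    "Sample_App": {
      "class": "Application",
      "fp_client_weak": {
        "class": "TLS_Forward_Proxy_Client",
        "untrustedCAAction": "ignore",
        "expiredCAAction": "mask",
        "bypassOnHandshakeFailure": true
      },
      "fp_client_strict": {
        "class": "TLS_Forward_Proxy_Client",
        "tls1_1Enabled": false,
        "untrustedCAAction": "drop"
      },
      "client_weak": {
        "class": "TLS_Client",
        "enableAuthentication": false,
        "revokedCAAction": "ignore",
        "tls1_1Enabled": false
      }
    }
  }
}
""")

if __name__ == "__main__":
    for path, prop, message in audit_tls(SAMPLE):
        print(f"{path}: {prop}: {message}")
```
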

TLS_Forward_Proxy_Server

TLS Forward Proxy Server Profile

Name

Default

Values

Description

class (string)

TLS_Forward_Proxy_Server

None

None

certificates (array<TLS_Server_Forward_Proxy_Certificates>)

None

None

Primary and (optional) additional certificates (order is significant, element 0 is the primary certificate)

signingCertificates (array<TLS_Server_Forward_Proxy_Certificates>)

None

None

Specifies the signing CA certificate and key pairs.

ciphers (object)

DEFAULT

See “Ciphers”

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

defaultAction (string)

intercept

intercept, bypass

The default action to take when SSL Forward Proxy is in use.

certificateLifespan (integer)

None

[1-365]

Specify the Certificate Lifespan in days.

certificateExtensions (array<string>)

BasicConstraints, SubjectAltName, ExtendedKeyUsage

None

List of extensions of the web server certificate to be included in the generated certificate using SSL Forward Proxy.

signatureAlgorithms (array<string>)

None

None

Specifies the signature algorithms used to negotiate SSL/TLS connections.

namedGroups (array<string>)

None

None

Specifies the Diffie Hellman groups used to negotiate SSL/TLS connections.

tls1_1Enabled (boolean)

None

true, false

Allow TLS 1.1 Ciphers.

tls1_2Enabled (boolean)

true

true, false

Allow TLS 1.2 Ciphers.

tls1_3Enabled (boolean)

true

true, false

Allow TLS 1.3 Ciphers.

TLS_Server

TLS Server Profile

Name

Default

Values

Description

authenticationFrequency (string)

None

one-time, every-time

Client certificate authentication frequency

authenticationDepth (integer)

None

[0-15]

Server certificate verification depth. The default value is 9, meaning maximum client certificate chain traversal depth for verification is set to 9

authenticationTrustCA (object)

None

None

Pointer to CA Bundle used to validate client certificates

authenticationMode (string)

ignore

ignore, request, require

Client certificate authentication mode

class (string)

TLS_Server

None

None

certificates (array<TLS_Server_Certificates>)

None

None

Primary and (optional) additional certificates (order is significant, element 0 is the primary certificate)

ciphers (object)

DEFAULT

See “Ciphers”

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

enableAuthentication (boolean)

None

true, false

Specifies the flag that enables or disables client authentication on the client side.

tls1_1Enabled (boolean)

true

true, false

Allow TLS 1.1 Ciphers.

tls1_2Enabled (boolean)

true

true, false

Allow TLS 1.2 Ciphers.

tls1_3Enabled (boolean)

true

true, false

Allow TLS 1.3 Ciphers.

TLS_Server_Certificates

TLS_Server certificates

Name

Default

Values

Description

certificate (string)

None

None

None

sniDefault (boolean)

None

true, false

None

certificates (array<string>)

None

None

None

ciphers (object)

None

See “Ciphers”

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

sniDomains (array<string>)

None

None

None

tls1_1Enabled (boolean)

None

true, false

Allow TLS 1.1 Ciphers.

tls1_2Enabled (boolean)

None

true, false

Allow TLS 1.2 Ciphers.

tls1_3Enabled (boolean)

None

true, false

Allow TLS 1.3 Ciphers.

signatureAlgorithms (string)

None

None

Specifies the signature algorithms used to negotiate SSL/TLS connections.

namedGroups (string)

None

None

Specifies the Diffie Hellman groups used to negotiate SSL/TLS connections.

enableAuthentication (boolean)

None

true, false

Needed to enable/disable client authentication.

authenticationFrequency (string)

None

one-time, every-time

Client certificate authentication frequency

authenticationDepth (integer)

None

[0-15]

Certificate verification depth. The default value is 9, meaning maximum client certificate chain traversal depth for verification is set to 9

authenticationTrustCA (object)

None

None

Pointer to CA Bundle used to validate client certificates

authenticationMode (string)

None

ignore, request, require

Client certificate authentication mode

handshakeTimeout (integer)

None

[1-4294967295]

Specifies the duration, in seconds, that the system tries to establish an SSL connection before halting the operation.

alertTimeout (integer,string)

None

None

Specifies the duration, in seconds, for which the system tries to close an SSL connection before resetting the connection.

renegotiationEnabled (boolean)

None

true, false

Enables or disables connection renegotiation. The default is disabled, meaning renegotiating connections is not allowed.

renegotiatePeriod (integer)

None

[0-4294967295]

Specifies whether the system renegotiates the SSL session after a specified amount of time in seconds has passed. A value of 0 (zero) specifies that the system does not renegotiate based on time interval.

renegotiateSize (integer)

None

[0-4294967295]

Specifies whether the system renegotiates the SSL session after a specified amount of data in megabytes has been exchanged. A value of 0 (zero) specifies that the system does not renegotiate based on amount of data exchanged.

renegotiateMaxRecordDelay (integer)

None

[0-4294967295]

Specifies the number of delayed records the system allows during SSL renegotiation. A value of 0 (zero) specifies an unlimited number of delayed records. A value greater than 15 will be treated as unlimited.

secureRenegotiation (string)

None

request, require, require-strict

Specifies the secure renegotiation mode. The default is require.

cacheSize (integer)

None

[0-4194304]

Specifies the number of sessions in the SSL session cache.

crlFile (string)

None

None

Specifies the name of a file containing a list of revoked client certificates.

allowExpiredCRL (boolean)

None

true, false

Determines whether to allow use of expired CRLs for client certificate verification.

TLS_Server_Client_Auth_Certificates

TLS_Server client auth certificates

Name

Default

Values

Description

certificate (string)

None

None

None

certificates (array<string>)

None

None

None

ciphers (object)

None

See “Ciphers”

Ciphersuite selection string (ciphers and cipherGroup are mutually exclusive, only use one).

TLS_Server_Forward_Proxy_Certificates

TLS_Server Forward Proxy certificates

Name

Default

Values

Description

certificate (string)

None

None

None

TranslateClientPort

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

Name

Default

Values

Description

TranslateClientPort (boolean | string)

None

true, false | change, preserve, preserve-strict

A value of true (boolean) or ‘change’ allows the system to handle the source port translation of the connection. A value of false (boolean) or ‘preserve’ allows the system to change the port if it’s in use, while the ‘preserve-strict’ option does not

TranslateServerAddress

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

Name

Default

Values

Description

TranslateServerAddress (boolean)

None

true, false

If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)

UDP_Profile

Configures a User Datagram Protocol (UDP) profile

Name

Default

Values

Description

class (string)

UDP_Profile

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

datagramLoadBalancing (boolean)

None

true, false

When true, process UDP datagrams independently, without recognizing flows (default false)

idleTimeout (integer)

60

[0-86400]

Number of seconds (default 60) flow may remain idle before it becomes eligible for deletion. Value 0 allows system to recover per-flow resources whenever convenient (always safe with UDP).

UDP_Profile_Advanced_Monitor_Properties

UDP Profile properties for Advanced Monitors

Name

Default

Values

Description

datagramLoadBalancing (boolean)

None

true, false

When true, process UDP datagrams independently, without recognizing flows (default false)

idleTimeout (integer)

300

[0-86400]

Number of seconds (default 60) flow may remain idle before it becomes eligible for deletion. Value 0 allows system to recover per-flow resources whenever convenient (always safe with UDP).

ipTosToClient (integer)

None

[0-65535]

Specify the Type of Service (TOS) handling for traffic

indirectSource (string)

None

See “IP_Address”

Specify the Indirect Source IP for return packets. This is used if the destination of the outgoing packet is different from the source of the incoming packet.

template (string)

advanced

advanced

Template type for UDP. Use the advanced template to configure advanced UDP Profile properties

Virtual_Addresses

Virtual addresses array

Name

Default

Values

Description

Virtual_Addresses (array<IP_Address_Range>)

None

None

Virtual addresses array

Virtual_Port

Virtual port

Name

Default

Values

Description

Virtual_Port (integer | array)

None

None

Virtual port

WAF_Policy

Configures a WAF policy

Name

Default

Values

Description

class (string)

WAF_Policy

None

None

label (object)

None

See “Label”

Optional friendly name for this object

remark (object)

None

See “Remark”

Arbitrary (brief) text pertaining to this object (optional). Does not allow control characters, double-quote, or backslash.

file (string)

None

None

None

ignoreChanges (boolean)

None

true, false

If false (default), the system updates the policy in every BIG-IP AS3 declaration deployment. If true, BIG-IP AS3 creates the policy on first deployment, and leaves it untouched afterwards

enforcementMode (string)

None

blocking, transparent

Overrides the enforcement mode setting of the WAF policy

policy (object)

None

See “F5_String”

The value can be either a string, text property, base64 property, url property, etc.