apm profile connectivity
apm profile connectivity(1) BIG-IP TMSH Manual apm profile connectivity(1)
NAME
connectivity - Configures a connectivity profile.
MODULE
apm profile
SYNTAX
Configure the connectivity component within the profile module using the syntax shown in the following sections.
CREATE/MODIFY
create connectivity [name]
modify connectivity [name]
options:
adaptive-compression [enabled | disabled]
app-service [[string] | none]
citrix-client-bundle [[name] | default-citrix-client-bundle]
client-policy [add | delete | modify | replace-all-with] {
[name] {
android-ec {
device-lock-method [alphabetic | alphanumeric | any | numeric ]
device-lock-complexity [none | low | medium | high]
enable-mobilesafe [true | false]
enforce-device-lock [true | false]
enforce-logon-mode [true | false]
logon-mode [native | web]
require-device-auth [true | false]
max-inactivity-time [integer]
min-passcode-length [integer]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
}
android-ep {
device-lock-method [alphabetic | alphanumeric | any | numeric ]
enable-mobilesafe [true | false]
enforce-device-lock [true | false]
enforce-logon-mode [true | false]
logon-mode [native | web]
max-inactivity-time [integer]
min-passcode-length [integer]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
}
chromeos-ec {
enforce-logon-mode [true | false]
logon-mode [native | web]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
}
macos-ec {
enforce-logon-mode [true | false]
logon-mode [native | web]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
}
ec {
component-update [yes | prompt | no]
location-dns [add | delete | modify | replace-all-with] {
[name]
}
reuse-winlogon-creds [true | false]
reuse-winlogon-session [true | false]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
save-servers-on-exit [true | false]
}
ios-ec {
enable-mobilesafe [true | false]
enforce-logon-mode [true | false]
logon-mode [native | web]
require-device-auth [true | false]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
vod-disconnect-timeout [integer]
}
ios-ep {
enable-mobilesafe [true | false]
enforce-logon-mode [true | false]
logon-mode [native | web]
enforce-pin-lock [true | false]
max-grace-period [integer]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
}
oauth {
provider-name [name]
client-id [string]
client-secret [string]
scopes [string]
done-uri [string]
}
servers {
{
alias [[string] | none]
host [string]
}
...
}
}
}
compress-buffer-size [integer]
compress-cpu-saver [true | false]
compress-cpu-saver-high [integer]
compress-cpu-saver-low [integer]
compress-gzip-level [integer]
compress-gzip-memlevel [integer]
compress-gzip-window-size [integer]
compress-ingress [true | false]
compress-preferred-method [[string] | none]
compression [enabled | disabled]
compression-codecs [[string] | none]
customization-group [[string] | none]
defaults from [[name] | none]
deflate-compression-level [integer]
description [[string] | none]
location-specific [true | false]
tunnel-name [[string] | none]
edit connectivity [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list connectivity
list connectivity [ [ [name] | [glob] | [regex] ] ... ]
show running-config connectivity
show running-config connectivity [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
partition
show connectivity
show connectivity [name]
DELETE
delete connectivity [name]
DESCRIPTION
You can use the connectivity component to configure a connectivity profile. By using the connectivity profile, you can
configure L2 and L4 tunnels, compression, Windows and mobile client settings, and client component downloads from F5
Networks and Citrix.
EXAMPLES
create connectivity myconnectivityprofile { }
Creates a connectivity profile named myconnectivityprofile that inherits its settings from the system default
connectivity profile.
OPTIONS
adaptive-compression
Enables or disables adaptive compression. Use this option to configure compression settings for application tunnels
and to optimize applications and RDP traffic. The default is enabled.
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.
citrix-client-bundle
Specifies the Citrix client bundle used by this connectivity profile. The default is default-citrix-client-bundle.
client-policy
Adds, deletes, or modifies the client policy for any of the following clients:
android-ec Android Edge Client
android-ep Android Edge Portal
chromeos-ec Chrome OS Edge Client
macos-ec Mac OS F5 Access
ec Windows/OSX Edge Client
ios-ec iOS Edge Client
ios-ep iOS Edge Portal
Options (please refer to the SYNTAX section to see if a certain option is supported for a particular client):
component-update
Specifies how the client handles automatic updates. The options are:
yes Automatically installs a client update when one is available.
prompt
Prompts the user about installing a client update.
No Disables the client from receiving automatic updates.
device-lock-method
Specifies the device lock quality that the client should enforce on the device. The options are:
alphabetic
Device passcode must contain at least alphabetic (or other symbol) characters.
alphanumeric
Device passcode must contain at least both numeric and alphabetic (or other symbol) characters.
any A device passcode must be set but does not matter what it is.
numeric
Device passcode must contain at least numeric characters.
device-lock-complexity
Specifies the device lock complexity that the client should enforce on the device. The options are:
none A device passcode is not required.
low Passwords can be a pattern or a PIN with repeating numbers or ordered sequences.
medium
Passwords meet one of the following rules: 1. Numeric PIN with no repeating or ordered sequences with a
minimum length of 4 characters. 2. Alphabetic PIN with a minimum length of 4 characters. 3. Alphanumeric
PIN with a minimum length of 4 characters.
high Passwords meet one of the following rules: 1. Numeric PIN with no repeating or ordered sequences with a
minimum length of 8 characters. 2. Alphabetic PIN with a minimum length of 6 characters. 3. Alphanumeric
PIN with a minimum length of 6 characters.
enable-mobilesafe
Enables or disable MobileSafe checks. Use this option to configure whether client should execute the MobileSafe
security checks as part of the logon. The default is false.
enforce-device-lock
Specifies whether client should enforce a device passcode policy on the device. The default is true.
enforce-logon-mode
Specifies whether client should enforce a logon mode on the device. The default is false. Set to true if external
logon page is used.
logon-mode
Specifies logon mode to be enforced on the device. The default is native. Set to web if external logon page is
used.
enforce-pin-lock
Specifies whether client should enforce an app-level PIN before allowing access to the app. The default is true.
location-dns
Specifies a list of DNS suffixes used by the Network Location Awareness feature of the client. This list
represents the internal network where local resources are available without the need of a Network Access
connection. The default is none.
max-grace-period
Specifies the length of time (in minutes) the app was taken to the background before the user will be asked for a
PIN. With the option set to 0, user will be asked for the PIN every time the app is taken from the background.
The default is 2.
max-inactivity-time
Sets the length of time (in minutes) since the user last touched the screen or pressed a button before the device
locks the screen. The default is 5.
min-passcode-length
Specifies the minimum required number of characters for the device passcode. The default is 4.
oauth
OAuth configuration for BIG-IP Edge Clients.
client-id
Specifies the OAuth client identifier. The client identifier is not a secret; it is exposed by BIG-IP APM
virtual server. OAuth configuration is disabled if client-id is not specified. Only 0x20-0x7E characters
are allowed. Maximum client-id length is 2048 characters. The default is none.
client-secret
Specifies the OAuth client secret. The "client secret" for public client is not a secret; it is exposed by
BIG-IP APM virtual server. Only 0x20-0x7E characters are allowed. Maximum client-secret length is 4096
characters. The default is none.
done-uri
Specifies a URI to which to direct the OAuth client when authentication is complete or fails (such as "You
can close this tab" page). Default APM page is used when none is selected. Maximum URI length is 2048
characters. The default is none.
provider-name
Specifies the name of the OAuth provider (apm aaa oauth-provider). OAuth configuration is disabled if no
provider is specified. The default is none.
scopes
Specifies scope of the OAuth access request. The value of the scopes parameter is expressed as a list of
space-delimited, case-sensitive strings. The strings are defined by the authorization server. If the value
contains multiple space-delimited strings, their order does not matter. Only 0x20-0x21, 0x23-0x5B, 0x5D-0x7E
characters are allowed. Maximum scopes parameter length is 16384 characters. The default is none.
require-device-auth
Specifies whether device authentication is needed before accessing cached credentials. The default is false.
reuse-winlogon-creds
Specifies whether client can reuse logon credentials entered by a user for a subsequent log in. The default is
false.
reuse-winlogon-session
Specifies whether client should attempt to use the same Windows logon session. The default is false.
save-password
Specifies whether client allows user password caching. The default is false.
save-password-method
Specifies whether client saves encrypted passwords on disk or caches passwords in memory only. The default is
disk.
save-password-timeout
Specifies the number of minutes that a cached password remains valid (applies only to in-memory password
caching). The default is 240.
save-servers-on-exit
Specifies whether client maintains a list of Access Policy Manager systems that the client accessed. The default
is true.
servers
Specifies a list of server and alias pairs in the client's server list.
compress-buffer-size
Specifies the size of compressed data for Network Access tunnels. The default is 4096.
compress-cpu-saver
Specifies whether the system monitors the percentage of CPU usage and adjusts compression rates automatically when CPU
usage reaches either the CPU saver high threshold or the CPU saver low threshold. The default is true.
compress-cpu-saver-high
Specifies the percentage of CPU usage at which the system starts automatically decreasing the amount of content being
compressed, as well as the amount of compression which the system is applying. The default is 90 percent.
compress-cpu-saver-low
Specifies the percentage of CPU usage at which the system resumes content compression at the user-defined rates. The
default is 75 percent.
compress-gzip-level
Specifies the degree to which the system compresses the content. Higher compression levels slow down the compression
process. The default is 6, which provides a higher amount of compression at the expense of more CPU processing time. 1
is the lowest level and 9 is the highest level. 0 disables compression.
compress-gzip-memlevel
Specifies the number of kilobytes of memory that the system uses for internal compression buffers when compressing
data. You can select a value between 1 and 256. The default is 8192.
compress-gzip-window-size
Specifies the number of kilobytes in the window size that the system uses when compressing data. You can select a
value between 1 and 128. The default is 16384.
compress-ingress
Specifies whether incoming data is compressed. The default is false.
compress-preferred-method
Specifies the preferred method of data compression. The default is zlib.
compression
Enables or disables compression between the client and the server. The default is enabled.
compression-codecs
Specifies the available compression codecs for server-to-client connections. The server compares the available
compression types you configure with the available compression types on the client, and then chooses the most
effective mutual compression setting. Compression for the client is configured separately. The default includes all
three available codecs:
lzo Offers a balance between CPU resources and compression ratio, compressing more than deflate, but with less CPU
resources than bzip2.
deflate
Uses the least CPU resources, but compresses the least effectively.
bzip2
Uses the most CPU resources, but compresses the most effectively.
customization-group
Specifies which customization groups are applied. This option is required.
defaults-from
Specifies the profile from which this profile inherits properties that are not specified explicitly. The default is
connectivity.
deflate-compression-level
Specifies the level of compression performed by the deflate codec. The default is 1.
description
Specifies a user-defined description for the connectivity profile.
location-specific
Specifies whether or not this object contains one or more attributes with values that are specific to the location
where the BIG-IP device resides. The location-specific attribute is either true or false. When using policy sync, mark
an object as location-specific to prevent errors that can occur when policies reference objects, such as
authentication servers, that are specific to a certain location.
[name]
Specifies the profile that you want to use as the parent profile. The new profile inherits all settings and values
from the parent profile.
tunnel-name
Specifies the name of the tunnel through which data passes. The default is none.
SEE ALSO
apm aaa oauth-provider, apm profile, ltm virtual
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2020. All rights reserved.
BIG-IP 2021-06-24 apm profile connectivity(1)