gtm global-settings general

gtm global-settings general(1)				BIG-IP TMSH Manual			    gtm global-settings general(1)

NAME
       general - Configures the general settings for the Global Traffic Manager.

MODULE
       gtm global-settings

SYNTAX
       Modify or display the general component within the gtm global-settings module using the syntax in the following sections.

   MODIFY
	modify general
	  options:
	    allow-nxdomain-override [enable | disable]
	    automatic-configuration-save-timeout [integer]
	    auto-discovery [no | yes]
	    auto-discovery-interval [integer]
	    cache-ldns-servers [no | yes]
	    domain-name-check [allow-underscore | none]
	    drain-persistent-requests [no | yes]
	    forward-status [enable | disable]
	    gtm-sets-recursion [no | yes]
	    heartbeat-interval [integer]
	    ignore-ltm-rate-limit-modes none
	    ignore-ltm-rate-limit-modes
	      [add | delete | replace-all-with] {
		[destination | object | object-destination | object-source | object-source-destination | source | source-destination]
	      }
	    iquery-cipher-list [string]
	    iquery-crl-validation-depth  [full | device]
	    iquery-minimum-tls-version [string]
	    iquery-reverify-on-crl-becoming-active [no | yes]
	    iquery-reverify-on-crl-expiring [no | yes]
	    iquery-reverify-on-crl-file-update [no | yes]
	    iquery-use-expired-crls [no | yes ]
	    iquery-use-not-yet-active-crls [no | yes]
	    iquery-use-revoked-certs [never | existing | always]
	    monitor-disabled-objects [no | yes]
	    nethsm-timeout [integer]
	    nsec3-types-bitmap-strict [enable | disable]
	    peer-leader [name]
	    send-wildcard-rrs [enable | disable]
	    static-persist-cidr-ipv4 [integer]
	    static-persist-cidr-ipv6 [integer]
	    synchronization [no | yes]
	    synchronization-group-name [name]
	    synchronization-time-tolerance [integer]
	    synchronization-timeout [integer]
	    synchronize-zone-files [no | yes]
	    synchronize-zone-files-timeout [integer]
	    topology-allow-zero-scores [no | yes]
	    virtuals-depend-on-server-state [no | yes]
	    wideip-zone-nameserver [string]

	edit general
	 options:
	   all-properties
	   non-default-properties
	   one-line

   DISPLAY
	list
	list general
	show running-config general
	show running-config general [option name]
	  options:
	    all-properties
	    non-default-properties

DESCRIPTION
       You can use the general component to modify or display the General Traffic Manager settings.

EXAMPLES
       modify general auto-discovery no

       Turns off auto-discovery for the Global Traffic Manager.

       list general all-properties

       Displays all properties of the general settings for the Global Traffic Manager.

OPTIONS
       allow-nxdomain-override
	    When enabled, specifies that the system uses the NOERROR instead of the NXDOMAIN response code in the following
	    scenario: there is no wide IP that matches the DNS query, but there is a wide IP for the same domain name in the DNS
	    query of a different type. In that case, when the NXDOMAIN response code is present in the response from one of the
	    DNS components, the system overrides it with the NOERROR response code. The default value is disabled.

       automatic-configuration-save-timeout
	    Sets the timeout, in seconds, indicating how long to wait after a GTM configuration change before automatically saving
	    the GTM configuration to the bigip_gtm.conf. A timeout of -1 will cause the GTM configuration to NEVER be saved. A
	    value of 0 will cause the GTM configuration to be saved immediately. The default value is 15 seconds.

       auto-discovery
	    Specifies whether the auto-discovery process is activated for this system. The default value is no.

       auto-discovery-interval
	    Specifies the frequency, in seconds, between system attempts to discover network components. The default value is 30.

       cache-ldns-servers
	    Specifies whether the system retains, in cache, all local DNS servers that make requests. The default value is yes.

	     You must enable this option if you want the system to store and use the LDNS path information.

       domain-name-check
	    Specifies the parameters for the Global Traffic Manager to use when performing domain name checking. The default value
	    is allow-underscore.

	    The possible values are:

	    allow-underscore
		The Global Traffic Manager checks domain names according to the specifications in RFC 1123 Requirements for
		Internet Hosts - Application and Support, except that underscores are allowed.

	    none
		No validation is performed. Anything is allowed.

	    idn-compatible
		Deprecated since v12.1.0. Equivalent to allow-underscore. Value of idn-compatible will be saved as allow-
		underscore.

	    strict
		Deprecated since v12.1.0. Equivalent to allow-underscore. Value of strict will be saved as allow-underscore.

       drain-persistent-requests
	    Specifies, when set to yes, that when you disable a pool, load-balanced, persistent connections remain connected until
	    the TTL expires. The default value is yes. If you set this option to no, any persistent connections terminate
	    immediately when a pool is disabled.

       forward-status
	    Specifies, when set to enabled, that the availability status change for GTM objects will be shared with subscribers.
	    This option will enable iControl clients to receive event notifications when a change occurs.

       gtm-sets-recursion
	    Specifies, when set to yes, that the system enables recursive DNS queries, regardless of whether the requesting local
	    DNS enabled recursive queries. The default value is no.

       heartbeat-interval
	    Specifies the frequency at which the Global Traffic Manager queries other BIG-IP(r) systems for updated data. When
	    configuring monitors for BIG-IP systems, F5 Networks recommends that the probe-interval option for the monitor be
	    equal to or greater than the this option. The default value is 10.

       ignore-ltm-rate-limit-modes
	    Specifies the LTM rate limit modes for the system to ignore for LTM virtual servers when a BIG-IP monitor is used.
	    When an LTM virtual server is connection-limited or rate-limited and that LTM virtual server is configured with a rate
	    limit mode that is included in the list of modes to ignore, the corresponding GTM virtual server is not marked
	    unavailable. The default value is none.

       iquery-cipher-list
	    This is a ":" separated list of cipher specifications as accepted by the "openssl ciphers" command. OpenSSL will use
	    the cipher list to negotiate a mutually acceptable cipher with the server during iQuery connection setup.

       iquery-crl-validation-depth
	    Determines which CRL(s) are required during certificate validation for iQuery connections. The default value is full.

	    The possible values are:

	    full
		A CRL must exist for every certificate authority in the certificate chain.

	    device
		A CRL must exist for the certificate authority that issued the certificate. CRL(s) for other certificate
		authorities in the certificate chain are not used.

       iquery-minimum-tls-version
	    This is a string to specify the minimum TLS version that will be offered by the client (GTM) during iQuery connection
	    negotiation.

       iquery-reverify-on-crl-becoming-active
	    Specifies, when set to yes, that all existing iQuery connections will have their certificates reverified whenever a
	    whenever a CRL becomes active (thisUpdate is reached). The default value is yes.

       iquery-reverify-on-crl-expiring
	    Specifies, when set to yes, that all existing iQuery connections will have their certificates reverified whenever a
	    CRL expires (nextUpdate is reached). The default value is yes.

       iquery-reverify-on-crl-file-update
	    Specifies, when set to yes, that all existing iQuery connections will have their certificates reverified whenever the
	    CRL file is updated. The default value is yes.

       iquery-send-wildcard-rrs
	    Specifies, when set to enable, that WideIPs or WideIP aliases that contain wildcards will autogenerate Resource
	    Records in the BIND database. The default value is disable.

       iquery-use-expired-crls
	    Specifies, when set to yes, that the validation of an iQuery SSL certificate can use an expired CRL (the
	    \"nextUpdate\" field of the CRL in the past). The default value is yes.

       iquery-use-not-yet-active-crls
	    Specifies, when set to yes, that the validation of an iQuery SSL certificate can use a not yet active CRL (the
	    \"thisUpdate\" field of the CRL in the future). The default value is yes.

       iquery-use-revoked-certs Specifies the action to take when a certificate is found to be revoked during the verification of
       an iQuery connection.
	    The options are:

	    never
		Do not allow the usage of revoked certificates. All new connections that are found to be revoked will be rejected.
		Any existing connections that are found to now be revoked will be disconnected.

	    existing
		Only allow the usage of revoked certificates on previously established iQuery connections. Reject all new
		connections with certificates that are found to be revoked.

	    always
		Allow the usage of revoked certificates on all new and existing iQuery connections.

       monitor-disabled-objects
	    Specifies, when set to yes, that the system will continue to monitor objects even if the objects are disabled. The
	    default value is no.

       nethsm-timeout
	    Time to wait on a NetHSM key creation operation for DNSSEC before retry. Default is 20 seconds.

       nsec3-types-bitmap-strict
	    When the nsec3-types-bitmap-strict setting has a default value of disabled the BIG-IP responds permissively to DS
	    record queries when authenticating denial of existence. That is to say, the NSEC3 types bitmap will contain NS, even
	    if we cannot be sure such a record exists.

	    When the setting is set to non-default value enabled (ie strict), the BIG-IP will only confirm the existence of the NS
	    record (via the types bitmap of the NSEC3) when the zone is configured as an unsecured delegation on the DNSSEC Zone.
	    If it is not configured, the BIG-IP will respond with TXT in the types bitmap.

       peer-leader
	    Specifies the name of a GTM server to be used for executing certain features, such as creating DNSSEC keys.

       send-wildcard-rrs
	    Specifies, when set to enable, that WideIPs or WideIP aliases that contain wildcards will autogenerate Resource
	    Records in the BIND database. The default value is disable.

       static-persist-cidr-ipv4
	    Specifies the number of bits of the IPv4 address that the system considers when using the Static Persist load
	    balancing mode. The default value is 32.

       static-persist-cidr-ipv46
	    Specifies the number of bits of the IPv6 address that the system considers when using the Static Persist load
	    balancing mode. The default value is 128.

       synchronization
	    Specifies whether this system is a member of a synchronization group. The default value is no.

	    Members of the synchronization group continuously share configuration and metrics collection information. The
	    synchronization group can contain Global Traffic Managers and Link Controllers.

       synchronization-group-name
	    Specifies the name of the synchronization group to which the system belongs. The default name is default.

       synchronization-time-tolerance
	    Specifies the number of seconds that one system clock can be out of sync with another system clock, in the
	    synchronization group. If the variance between the clock times is higher than the time tolerance setting, the system
	    logs the time difference once per hour.

	    Possible values are 0 (zero), and 5 - 600. (Values 1 through 4 are automatically set to 5, and 0 (zero) turns time
	    synchronization off.) The default value is 10 seconds.

	    Note: If you are using NTP to synchronize the clock with a time server, select a time tolerance other than 0 (zero).
	    When you do this, the system uses the synchronization-time-tolerance option as a fail-over mechanism if NTP is
	    disabled for any reason.

       synchronization-timeout
	    Specifies the number of seconds that the system attempts to synchronize the Global Traffic Manager configuration with
	    a synchronization group member. If the synchronization times out, the system tries again. The default value is 180.

       synchronize-zone-files
	    Specifies whether the system synchronizes zone files among the synchronization group members. The default value is no.

       synchronize-zone-files-timeout
	    Specifies the number of seconds that a synchronization group member attempts to synchronize its zone files with a
	    synchronization group member. If the synchronization times out, the system tries again. The default value is 300.

       topology-allow-zero-scores
	    Specifies if topology load-balancing or QoS load-balancing with topology enabled will return pool members with zero
	    topology scores. The default value is yes.

       virtuals-depend-on-server-state
	    Specifies whether the system marks a virtual server down when the server on which the virtual server is configured can
	    no longer be reached via iQuery. The default value is yes.

       wideip-zone-nameserver
	    Specifies the DNS Nameserver to use for all NS records for automatically generated DNS Zones created for all Wide IPs.
	    It should be set to a registered DNS Nameserver for the Wide IPs.

SEE ALSO
       edit, gtm global-settings load-balancing, gtm global-settings metrics, gtm global-settings metrics-exclusions, list,
       modify, show, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
       photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
       use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015-2016. All rights reserved.

BIG-IP							    2020-07-24				    gtm global-settings general(1)