gtm global-settings general
gtm global-settings general(1) BIG-IP TMSH Manual gtm global-settings general(1)
NAME
general - Configures the general settings for the Global Traffic Manager.
MODULE
gtm global-settings
SYNTAX
Modify or display the general component within the gtm global-settings module using the syntax in the following sections.
MODIFY
modify general
options:
allow-nxdomain-override [enable | disable]
automatic-configuration-save-timeout [integer]
auto-discovery [no | yes]
auto-discovery-interval [integer]
cache-ldns-servers [no | yes]
domain-name-check [allow-underscore | none]
drain-persistent-requests [no | yes]
forward-status [enable | disable]
gtm-sets-recursion [no | yes]
heartbeat-interval [integer]
ignore-ltm-rate-limit-modes none
ignore-ltm-rate-limit-modes
[add | delete | replace-all-with] {
[destination | object | object-destination | object-source | object-source-destination | source | source-destination]
}
iquery-cipher-list [string]
iquery-crl-validation-depth [full | device]
iquery-minimum-tls-version [string]
iquery-reverify-on-crl-becoming-active [no | yes]
iquery-reverify-on-crl-expiring [no | yes]
iquery-reverify-on-crl-file-update [no | yes]
iquery-use-expired-crls [no | yes]
iquery-use-not-yet-active-crls [no | yes]
iquery-use-revoked-certs [never | existing | always]
monitor-disabled-objects [no | yes]
nethsm-timeout [integer]
nsec3-types-bitmap-strict [enable | disable]
peer-leader [name]
send-wildcard-rrs [enable | disable]
static-persist-cidr-ipv4 [integer]
static-persist-cidr-ipv6 [integer]
synchronization [no | yes]
synchronization-group-name [name]
synchronization-time-tolerance [integer]
synchronization-timeout [integer]
synchronize-zone-files [no | yes]
synchronize-zone-files-timeout [integer]
topology-allow-zero-scores [no | yes]
virtuals-depend-on-server-state [no | yes]
wideip-zone-nameserver [string]
edit general
options:
all-properties
non-default-properties
one-line
DISPLAY
list
list general
show running-config general
show running-config general [option name]
options:
all-properties
non-default-properties
DESCRIPTION
You can use the general component to modify or display the Global Traffic Manager settings.
EXAMPLES
modify general auto-discovery no
Turns off auto-discovery for the Global Traffic Manager.
list general all-properties
Displays all properties of the general settings for the Global Traffic Manager.
OPTIONS
allow-nxdomain-override
When enabled, specifies that the system uses the NOERROR instead of the NXDOMAIN response code in the following
scenario: there is no wide IP that matches the DNS query, but there is a wide IP for the same domain name in the DNS
query of a different type. In that case, when the NXDOMAIN response code is present in the response from one of the
DNS components, the system overrides it with the NOERROR response code. The default value is disabled.
automatic-configuration-save-timeout
Sets the timeout, in seconds, indicating how long to wait after a GTM configuration change before automatically saving
the GTM configuration to the bigip_gtm.conf. A timeout of -1 will cause the GTM configuration to NEVER be saved. A
value of 0 will cause the GTM configuration to be saved immediately. The default value is 15 seconds.
auto-discovery
Specifies whether the auto-discovery process is activated for this system. The default value is no.
auto-discovery-interval
Specifies the frequency, in seconds, between system attempts to discover network components. The default value is 30.
cache-ldns-servers
Specifies whether the system retains, in cache, all local DNS servers that make requests. The default value is yes.
You must enable this option if you want the system to store and use the LDNS path information.
domain-name-check
Specifies the parameters for the Global Traffic Manager to use when performing domain name checking. The default value
is allow-underscore.
The possible values are:
allow-underscore
The Global Traffic Manager checks domain names according to the specifications in RFC 1123 Requirements for
Internet Hosts - Application and Support, except that underscores are allowed.
none
No validation is performed. Anything is allowed.
idn-compatible
Deprecated since v12.1.0. Equivalent to allow-underscore. Value of idn-compatible will be saved as allow-underscore.
strict
Deprecated since v12.1.0. Equivalent to allow-underscore. Value of strict will be saved as allow-underscore.
drain-persistent-requests
Specifies, when set to yes, that when you disable a pool, load-balanced, persistent connections remain connected until
the TTL expires. The default value is yes. If you set this option to no, any persistent connections terminate
immediately when a pool is disabled.
forward-status
Specifies, when set to enabled, that the availability status change for GTM objects will be shared with subscribers.
This option will enable iControl clients to receive event notifications when a change occurs.
gtm-sets-recursion
Specifies, when set to yes, that the system enables recursive DNS queries, regardless of whether the requesting local
DNS enabled recursive queries. The default value is no.
heartbeat-interval
Specifies the frequency at which the Global Traffic Manager queries other BIG-IP(r) systems for updated data. When
configuring monitors for BIG-IP systems, F5 Networks recommends that the probe-interval option for the monitor be
equal to or greater than this option. The default value is 10.
ignore-ltm-rate-limit-modes
Specifies the LTM rate limit modes for the system to ignore for LTM virtual servers when a BIG-IP monitor is used.
When an LTM virtual server is connection-limited or rate-limited and that LTM virtual server is configured with a rate
limit mode that is included in the list of modes to ignore, the corresponding GTM virtual server is not marked
unavailable. The default value is none.
iquery-cipher-list
This is a ":" separated list of cipher specifications as accepted by the "openssl ciphers" command. OpenSSL will use
the cipher list to negotiate a mutually acceptable cipher with the server during iQuery connection setup.
iquery-crl-validation-depth
Determines which CRL(s) are required during certificate validation for iQuery connections. The default value is full.
The possible values are:
full
A CRL must exist for every certificate authority in the certificate chain.
device
A CRL must exist for the certificate authority that issued the certificate. CRL(s) for other certificate
authorities in the certificate chain are not used.
iquery-minimum-tls-version
This is a string to specify the minimum TLS version that will be offered by the client (GTM) during iQuery connection
negotiation.
iquery-reverify-on-crl-becoming-active
Specifies, when set to yes, that all existing iQuery connections will have their certificates reverified whenever a
CRL becomes active (thisUpdate is reached). The default value is yes.
iquery-reverify-on-crl-expiring
Specifies, when set to yes, that all existing iQuery connections will have their certificates reverified whenever a
CRL expires (nextUpdate is reached). The default value is yes.
iquery-reverify-on-crl-file-update
Specifies, when set to yes, that all existing iQuery connections will have their certificates reverified whenever the
CRL file is updated. The default value is yes.
iquery-send-wildcard-rrs
Specifies, when set to enable, that WideIPs or WideIP aliases that contain wildcards will autogenerate Resource
Records in the BIND database. The default value is disable.
iquery-use-expired-crls
Specifies, when set to yes, that the validation of an iQuery SSL certificate can use an expired CRL (the
"nextUpdate" field of the CRL in the past). The default value is yes.
iquery-use-not-yet-active-crls
Specifies, when set to yes, that the validation of an iQuery SSL certificate can use a not yet active CRL (the
"thisUpdate" field of the CRL in the future). The default value is yes.
iquery-use-revoked-certs
Specifies the action to take when a certificate is found to be revoked during the verification of an iQuery connection.
The options are:
never
Do not allow the usage of revoked certificates. All new connections that are found to be revoked will be rejected.
Any existing connections that are found to now be revoked will be disconnected.
existing
Only allow the usage of revoked certificates on previously established iQuery connections. Reject all new
connections with certificates that are found to be revoked.
always
Allow the usage of revoked certificates on all new and existing iQuery connections.
monitor-disabled-objects
Specifies, when set to yes, that the system will continue to monitor objects even if the objects are disabled. The
default value is no.
nethsm-timeout
Time to wait on a NetHSM key creation operation for DNSSEC before retry. Default is 20 seconds.
nsec3-types-bitmap-strict
When nsec3-types-bitmap-strict is left at its default value of disabled, the BIG-IP responds permissively to DS
record queries when authenticating denial of existence. That is, the NSEC3 types bitmap will contain NS even if the
system cannot be sure such a record exists.
When the setting is changed to the non-default value enabled (i.e. strict), the BIG-IP will only confirm the existence
of the NS record (via the types bitmap of the NSEC3) when the zone is configured as an unsecured delegation on the
DNSSEC Zone. If it is not configured, the BIG-IP will respond with TXT in the types bitmap.
peer-leader
Specifies the name of a GTM server to be used for executing certain features, such as creating DNSSEC keys.
send-wildcard-rrs
Specifies, when set to enable, that WideIPs or WideIP aliases that contain wildcards will autogenerate Resource
Records in the BIND database. The default value is disable.
static-persist-cidr-ipv4
Specifies the number of bits of the IPv4 address that the system considers when using the Static Persist load
balancing mode. The default value is 32.
static-persist-cidr-ipv6
Specifies the number of bits of the IPv6 address that the system considers when using the Static Persist load
balancing mode. The default value is 128.
synchronization
Specifies whether this system is a member of a synchronization group. The default value is no.
Members of the synchronization group continuously share configuration and metrics collection information. The
synchronization group can contain Global Traffic Managers and Link Controllers.
synchronization-group-name
Specifies the name of the synchronization group to which the system belongs. The default name is default.
synchronization-time-tolerance
Specifies the number of seconds that one system clock can be out of sync with another system clock, in the
synchronization group. If the variance between the clock times is higher than the time tolerance setting, the system
logs the time difference once per hour.
Possible values are 0 (zero), and 5 - 600. (Values 1 through 4 are automatically set to 5, and 0 (zero) turns time
synchronization off.) The default value is 10 seconds.
Note: If you are using NTP to synchronize the clock with a time server, select a time tolerance other than 0 (zero).
When you do this, the system uses the synchronization-time-tolerance option as a fail-over mechanism if NTP is
disabled for any reason.
synchronization-timeout
Specifies the number of seconds that the system attempts to synchronize the Global Traffic Manager configuration with
a synchronization group member. If the synchronization times out, the system tries again. The default value is 180.
synchronize-zone-files
Specifies whether the system synchronizes zone files among the synchronization group members. The default value is no.
synchronize-zone-files-timeout
Specifies the number of seconds that a synchronization group member attempts to synchronize its zone files with a
synchronization group member. If the synchronization times out, the system tries again. The default value is 300.
topology-allow-zero-scores
Specifies if topology load-balancing or QoS load-balancing with topology enabled will return pool members with zero
topology scores. The default value is yes.
virtuals-depend-on-server-state
Specifies whether the system marks a virtual server down when the server on which the virtual server is configured can
no longer be reached via iQuery. The default value is yes.
wideip-zone-nameserver
Specifies the DNS Nameserver to use for all NS records for automatically generated DNS Zones created for all Wide IPs.
It should be set to a registered DNS Nameserver for the Wide IPs.
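An audit of the iQuery CRL options described above (iquery-use-revoked-certs, iquery-use-expired-crls, iquery-use-not-yet-active-crls, iquery-reverify-on-crl-*, iquery-crl-validation-depth), as an added example that is not part of the F5 manual. It assumes the output of list general all-properties carries one "option value" pair per line; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag iQuery settings that relax certificate-revocation checks.
# stdin: text of `list general all-properties` (assumed "option value" per line).
# Prints one finding per relaxed setting; returns 1 if any finding was printed.
audit_iquery_crl() {
    awk '
        function flag(msg) { print $1 "=" $2 ": " msg; bad++ }
        $1 == "iquery-use-revoked-certs" && $2 != "never" {
            flag("revoked certificates are still accepted") }
        $1 == "iquery-use-expired-crls" && $2 == "yes" {
            flag("CRLs past nextUpdate are used for validation") }
        $1 == "iquery-use-not-yet-active-crls" && $2 == "yes" {
            flag("CRLs before thisUpdate are used for validation") }
        $1 ~ /^iquery-reverify-on-crl-/ && $2 == "no" {
            flag("existing connections are not reverified on this CRL event") }
        $1 == "iquery-crl-validation-depth" && $2 == "device" {
            flag("only the issuing CA needs a CRL, not the whole chain") }
        END { exit (bad > 0) }
    '
}

# Constructed sample output, not captured from a real device.
sample_config() {
    cat <<'EOF'
gtm global-settings general {
    iquery-crl-validation-depth full
    iquery-reverify-on-crl-expiring yes
    iquery-use-expired-crls yes
    iquery-use-not-yet-active-crls no
    iquery-use-revoked-certs existing
}
EOF
}

if findings=$(sample_config | audit_iquery_crl); then
    echo "iQuery CRL settings are strict"
else
    printf '%s\n' "$findings"
fi
```

On a live system the same function can read the real settings from standard input in place of sample_config.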
SEE ALSO
edit, gtm global-settings load-balancing, gtm global-settings metrics, gtm global-settings metrics-exclusions, list,
modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015-2016. All rights reserved.
BIG-IP 2020-07-24 gtm global-settings general(1)