sys global-settings¶

sys global-settings(1) BIG-IP TMSH Manual sys global-settings(1)

NAME
global-settings - Configures the global system settings for a BIG-IP(r) system.

MODULE
sys

SYNTAX
Configure the global-settings component within the sys module using the syntax in the following sections.

MODIFY
modify global-settings
options:
aws-access-key [string]
aws-secret-key [string]
aws-api-max-concurrency [integer]
file-blacklist-path-prefix [string]
file-blacklist-read-only-path-prefix [string]
file-whitelist-path-prefix [string]
console-inactivity-timeout [integer]
custom-addr [IP address]
description [string]
failsafe-action [go-offline | reboot | restart-all |
go-offline-restart-tm | failover-restart-tm]
file-local-path-prefix [local path prefix]
gui-audit [disabled | enabled]
gui-expired-cert-alert [disabled | enabled]
gui-security-banner [disabled | enabled]
gui-security-banner-text [string]
gui-setup [disabled | enabled]
host-addr-mode [custom | management | state-mirror]
hostname [string]
hosts-allow-include [string]
lcd-display [disabled | enabled]
net-reboot [disabled | enabled]
ssh-session-limit [disabled | enabled]
ssh-root-session-limit [disabled | enabled]
ssh-max-session-limit [integer]
ssh-max-session-limit-per-user [integer]
password-prompt [string]
mgmt-dhcp [dhcpv4 | dhcpv6 | disabled | enabled]
quiet-boot [disabled | enabled]
remote-host [add | delete | replace-all-with] {
[name]... {
options:
addr [IP address]
hostname [string]
}
}
remote-host none
username-prompt [string]

edit global-settings
options:
all-properties
non-default-properties

DISPLAY
list global-settings
list global-settings [option]
show running-config global-settings
show running-config global-settings [option]
options:
all-properties
non-default-properties
one-line

DESCRIPTION
You can use the global-settings component to set up the BIG-IP system.

EXAMPLES
modify system remote-host add { bigip151 {addr 172.27.226.151 hostname bigip151.saxon.net} }

Sets up a remote host named bigip151 with an IP address of 172.27.226.151 and a hostname of bigip151.saxon.net.

list global-settings all-properties

Displays all of the properties of the global system settings.

OPTIONS
aws-access-key
Amazon Web Services (AWS) supplied access key needed to make secure requests to AWS. The default value is none.

aws-secret-key
Amazon Web Services (AWS) supplied secret key needed to make secure requests to AWS. The default value is none.

aws-api-max-concurrency
Maximum concurrent connections allowed while making Amazon Web Service (AWS) api calls. The default value is 1.

file-blacklist-path-prefix
Specifies the path prefixes that are disallowed for certain commands. The blacklist takes precedence over the
whitelist. It is used by the tmsh save/load sys config file command to disallow saving or loading configuration.
Example: The path prefix /shared/tmp/ is included both in the whitelist and blacklist. Since, it is present in the
blacklist, the configuration cannot be saved or loaded from the /shared/tmp/ location. The paths are specified in
braces separated by spaces in quotes. ex: "{/shared/3dns/} {/shared/bin/}".

file-blacklist-read-only-path-prefix
Specifies the read-only path prefixes that are disallowed for certain commands. It is used by the tmsh save/load sys
config file command to disallow saving or loading configuration. It is a read-only attribute with value
"{/etc/shadow}".

file-whitelist-path-prefix
Specifies the path prefixes that are valid for certain commands. It is used by the tmsh save/load sys config file
command for saving or loading configuration. The paths are specified in braces separated by spaces in quotes. ex:
"{/var/local/scf/} {/tmp/} {/shared/} {/config/}".

console-inactivity-timeout
Specifies the number of seconds of inactivity before the system logs off a user that is logged on. The default value
is 0 (zero), which means that no timeout is set. The valid range is 0 - 2147483647.

custom-addr
Specifies an IP address for the system. The default value is ::. The host-addr-mode option must be set to custom in
order for this setting to take effect.

description
Specifies a user defined description. The default value is no description.

failsafe-action
Specifies the action that the system takes when the switch board fails. The default value is go-offline-restart-tm.

failover-restart-tm
Specifies that when the switch board fails the system restarts the traffic management system and fails over to
the other unit in a redundant pair.

go-offline
Specifies that when the switch board fails the system goes offline.

go-offline-restart-tm
Specifies that when the switch board fails the system goes offline and restarts the traffic management system.

reboot
Specifies that after the active cluster fails over to its peer, it reboots while the peer processes the traffic.

restart-all
Specifies that when the switch board fails the system restarts all system services.

file-local-path-prefix
Specifies a list of folder prefixes that can be applied for file objects. This is a space separated list of folder
prefixes, contained in curly braces. Example: "{file:///shared/}" or "{file:///fileobjectfolder/} {/shared/}". By
default the folders are "/shared/" and "/tmp/", represented as "{/shared/} {/tmp/}".

gui-audit
Specifies whether or not system GUI log audit messages. If you disable this option, system GUI will not log audit
messages. The default value is disabled.

gui-expired-cert-alert
Specifies whether or not system GUI identify in use expired certificates and alert the user. If you disable this
option, system GUI will not monitor in use certificates. The default value is enabled.

gui-security-banner
Specifies whether the system presents on the login screen the text you specify in the gui-security-banner-text option.
If you disable this option, the system presents an empty frame in the right portion of the login screen. The default
value is enabled.

gui-security-banner-text
Specifies the text to present on the login screen when the gui-security-banner option is enabled. The default value is
Welcome to the BIG-IP Configuration Utility.

Note: To enter a carriage return in the text type Ctrl-V followed by Ctrl-J. Additionally, you must escape special
characters, such as a question mark(?), with a back slash.

gui-setup
Enables or disables the Setup utility in the browser-based Configuration utility. The default value is enabled.

Note: When you configure a system using tmsh, disable this option. Disabling this option allows the system
administrators to use the browser-based Configuration utility without having to run the Setup utility.

host-addr-mode
Specifies the type of host address you want to assign to the system. The default value is management. The options are:

custom
Use this value to specify a custom IP address for the system using the custom-addr option.

management
Indicates that the host address is the management port of the system.

state-mirror
Use this value when the host address of the system is shared by the other system in a redundant pair. In case of
system failure, the traffic to the other system is routed to this system.

hostname
Specifies a local name for the system. The default value is bigip1.

hosts-allow-include
Warning: Do not use this parameter without assistance from the F5 Technical Support team. The system does not validate
the commands issued when you use the hosts-allow-include option. If you use this option incorrectly, you put the
functionality of the system at risk.

lcd-display
Enables or disables the LCD display on the front of the system. The default value is enabled.

net-reboot
Enables or disables the network reboot feature. The default value is disabled.

If you enable this feature and then reboot the system, the system boots from an ISO image on the network, rather than
from an internal media drive. Use this option only when you want to install software on the system, for example, for
an upgrade or a re-installation.

Note: An enabled value reverts to disabled after you reboot the system a second time.

ssh-session-limit
Enable or Disable SSH session limit, by default this is disabled.

When enabled, per-user and global SSH session limits are enforced.

To enable ssh-session-limit feature 'cli global-settings idle-timeout' and 'sys sshd inactivity-timeout' need to be
configured with value greater than zero.

ssh-root-session-limit
Enable or disable SSH session limit for root user, by default it is disabled for root user.

When enabled, root user SSH session limits are enforced.

ssh-max-session-limit
Sets the global max SSH session limit. The default value is 10 and the range is 1 to 65535.

When set, this value is used to limit the total SSH sessions on the BIG-IP.

ssh-max-session-limit-per-user
Sets the global max SSH session limit per user. The range is -1 to 65535.

This is given preference only when user level ssh session limit is not configured. By default it is set to -1 and
uses ssh-max-session-limit as per-user ssh session limit. If set to 0, all users are prohibited to ssh the BIG-IP.
For range 1 to 65535, the value is the maximum ssh session limit for all users.

password-prompt
Specifies the text to present above the password field on the system's login screen.

mgmt-dhcp
Specifies whether the system uses DHCPv4/DHCPv6 clients for acquiring the management interface IP addresses. The
option takes 4 possible values: dhcpv4, dhcpv6, disabled, enabled. dhcpv4 and dhcpv6 options only enable DHCPv4 or
DHCPv6 client respectively. enabled and disabled options enable/disable both DHCPv4 and DHCPv6 clients.

If this option is enabled, manually specified IP addresses for the management interface may be overwritten if the
network also contains a DHCP server (for the given IP protocol). If this option is disabled, no DHCP server will be
applied to the management interface, however any previously acquired address will still be used. The default value is
enabled for VE and disabled for all other platforms. When this option is enabled, manual changes like create/delete on
sys management-ip will not be allowed. For dhcpv4/dhcpv6 values, this only applies to the management-ip entries
matching the IP protocol. For example, for dhcpv4 value, user can't manually change IPv4 management-ip but user can
change IPv6 management-ip.

quiet-boot
Enables or disables the quiet boot feature. The default value is enabled. When enabled, the system suppresses
informational text on the console during the boot cycle.

remote-host
Configures a remote host in the /etc/hosts file. The default value is none. You must enter both an IP address and a
fully qualified domain name (FQDN) or alias for each host that you want to add to the file.

username-prompt
Specifies the text to present above the user name field on the system's login screen.