ltm persistence sslΒΆ

ltm persistence ssl(1)	      BIG-IP TMSH Manual	ltm persistence ssl(1)



NAME
       ssl - Configures a Secure Socket Layer (SSL) persistence profile.

MODULE
       ltm persistence

SYNTAX
       Configure the ssl component within the ltm persistence module using the
       syntax in the following sections.

   MODIFY
	create ssl [name]
	modify ssl [name]
	  options:
	    all
	    app-service [[string] | none]
	    defaults-from [name]
	    description [string]
	    match-across-pools [ enabled | disabled]
	    match-across-services [enabled | disabled]
	    match-across-virtuals [enabled | disabled]
	    mirror [enabled | disabled]
	    override-connection-limit [enabled | disabled]
	    timeout [integer]

	edit ssl [ [ [name] | [glob] | [regex] ] ... ]
	 options:
	   all-properties
	   non-default-properties

	mv ssl [ [[source-name] [destination-name]] | [[name] to-folder [folder-name]] | [[name...name] to-folder [folder-name]] ]
	  options:
	    to-folder

   DISPLAY
	list ssl
	list ssl [ [ [name] | [glob] | [regex] ] ... ]
	show running-config ssl
	show running-config ssl [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all
	    all-properties
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete ssl [name]
	  options:
	    all

DESCRIPTION
       You can use the ssl component to configure a destination address
       affinity persistence profile for the BIG-IP(r) system. SSL persistence
       is a type of persistence that tracks non-terminated SSL sessions, using
       the SSL session ID. Even when the client's IP address changes, the
       system still recognizes the connection as being persistent based on the
       session ID. Note that the term, non-terminated SSL sessions, refers to
       sessions in which the system does not perform the tasks of SSL
       certificate authentication and encryption/re-encryption.

       A persistence profile is a profile that enables persistence when you
       assign the profile to a virtual server. Using a persistence profile
       means that you do not have to write an iRule to implement a type of
       persistence. You can either use the default profile, or create a custom
       profile based on the default.

EXAMPLES
       list ssl

       Displays all SSL persistence profiles.

       create ssl ssl_persistence defaults-from ssl

       Creates a custom SSL persistence profile named ssl_persistence that
       inherits its settings from the default SSL persistence profile.

       mv ssl /Common/my_ssl_profile to-folder /Common/my_folder

       Moves a custom SSL persistence profile named my_ssl_profile to a folder
       named my_folder, where my_folder has already been created and exists
       within /Common.

OPTIONS
       app-service
	    Specifies the name of the application service to which the profile
	    belongs. The default value is none. Note: If the strict-updates
	    option is enabled on the application service that owns the object,
	    you cannot modify or delete the profile. Only the application
	    service can modify or delete the profile.

       defaults-from
	    Specifies the existing profile from which the system imports
	    settings for the new profile. The default value is ssl, the system
	    default cookie persistence profile.

       description
	    User defined description.

       glob Displays the items that match the glob expression. See help glob
	    for a description of glob expression syntax.

       match-across-pools
	    Specifies, when enabled, that the system can use any pool that
	    contains this persistence record. The default value is disabled.

       match-across-services
	    Specifies, when enabled, that all persistent connections from a
	    client IP address, which go to the same virtual IP address, also
	    go to the same node. The default value is disabled.

       match-across-virtuals
	    Specifies, when enabled, that all persistent connections from the
	    same client IP address go to the same node. The default value is
	    disabled.

       mirror
	    Specifies whether the system mirrors persistence records to the
	    high-availability peer. The default value is disabled.

       name Specifies a unique name for the component. This option is required
	    for the commands create, delete, and modify.

       override-connection-limit
	    Specifies, when enabled, that the pool member connection limits
	    are not enforced for persisted clients. Per-virtual connection
	    limits remain hard limits and are not disabled. The default value
	    is disabled.

       partition
	    Displays the administrative partition within which the component
	    resides.

       regex
	    Displays the items that match the regular expression. The regular
	    expression must be preceded by an at sign (@[regular expression])
	    to indicate that the identifier is a regular expression. See help
	    regex for a description of regular expression syntax.

       timeout
	    Specifies the duration of the persistence entries. The default
	    value is 300 seconds.

       to-folder
	    ssl persistence profiles can be moved to any folder under /Common,
	    but configuration dependencies may restrict moving the profile out
	    of /Common.

SEE ALSO
       create, delete, edit, glob, list, ltm virtual, modify, mv, regex, show,
       tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012. All rights
       reserved.



BIG-IP				  2014-01-14		ltm persistence ssl(1)