pem forwarding-endpoint
pem forwarding-endpoint(1) BIG-IP TMSH Manual pem forwarding-endpoint(1)
NAME
forwarding-endpoint - Configures forwarding endpoints for the Policy
Enforcement Manager (PEM).
MODULE
pem
SYNTAX
Modify the forwarding-endpoint component within the pem module using
the syntax shown in the following sections.
CREATE/MODIFY
create forwarding-endpoint [name]
modify forwarding-endpoint [name]
options:
app-service [[string] | none]
description [[string] | none]
persistence {
options:
type [destination-ip | disabled | hash | source-ip]
fallback [destination-ip | disabled | source-ip]
hash-settings {
options:
algorithm [carp ]
length [integer]
offset [integer]
source [tcl-snippet | uri]
tcl-value [string]
}
}
pool [name]
snat-pool [name]
source-port [change | preserve | preserve-strict]
translate-address [disabled | enabled]
translate-service [disabled | enabled]
edit forwarding-endpoint [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list forwarding-endpoint
list forwarding-endpoint [ [ [name] | [glob] | [regex] ] ... ]
show running-config forwarding-endpoint
show running-config forwarding-endpoint [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
DELETE
delete forwarding-endpoint [name]
Note: All references to the forwarding-endpoint must be removed before
it can be deleted.
DESCRIPTION
forwarding-endpoint is used to specify PEM policy forwarding action(s).
Note: A valid LTM pool with at least one member must be pre-configured
before creating a forwarding-endpoint. Please refer to ltm pool for
more info about configuring LTM pools.
EXAMPLES
create forwarding-endpoint my_endpoint { pool my_pool snatpool
my_snatpool source-port preserved translate-address enabled translate-
service enabled }
Creates a Policy Enforcement Manager forwarding endpoint named
my_endpoint.
delete forwarding-endpoint my_endpoint
Deletes the forwarding-endpoint named my_endpoint.
list forwarding-endpoint my_endpoint
Displays the properties of the forwarding-endpoint named my_endpoint.
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
user cannot modify or delete the object. Only the application
service can modify or delete the object.
description
Specifies a user-defined description.
persistence
Allows to set a specific persistence method for the pool member
selection.
fallback
Specifies the fallback persistence method so that it applies
when default persistence fail.
The options are:
destination-ip
Map the destination ip address to a specific pool member
so that subsequent traffic sent to this address is
directed to the same pool member.
source-ip
Map the source ip address to a specific pool member so
that subsequent traffic from this address is directed to
the same pool member.
disabled
Specifies that this feature is disabled.
hash-settings
Specifies the settings for the hash persistence method.
algorithm
Specifies the algorithm to calculate the hash value.
Currently only the carp algorithm is available.
length
Specifies the length of the source string used to
calculate hash value. Default value of length is 1024.
offset
Specifies the offset in bytes from start of the source
string to calculate the hash value. Default value of
offset is 0.
source
Specifies the source for the string value which is used
to calculate hash value.
tcl-value
Specifies the tcl script snippet so that when this
script is executed its result used to calculate the hash
value.
type Specifies the persistence method.
The options are:
destination-ip
Map the destination ip address to a specific pool member
so that subsequent traffic sent to this address is
directed to the same pool member.
hash Map the hash value to a specific pool member so that
subsequent traffic with the same hash value is directed
to the same pool member.
source-ip
Map the source ip address to a specific pool member so
that subsequent traffic from this address is directed to
the same pool member.
disabled
Specifies that this feature is disabled.
pool Specifies the name of an LTM pool where the traffic is going to be
directed to. Is used in the PEM policy rule forwarding actions.
Note that the pool must be pre-configured before it can be
referenced by a forwarding action.
snat-pool
Specifies the name of an existing LTM SNAT pool (snatpool) that is
used to translate the client IP address to one of the configured
IP addresses in that SNAT pool. The Self-IP addresses of the BIG-
IP system must not be included in the SNAT pool. The default value
is none.
source-port
Specifies whether the system preserves the source port of the
connection. The default value is preserve.
The options are:
change
Specifies that the system changes the source port. This
setting is useful for obfuscating internal network address.
preserve
Specifies that the system preserves the value configured for
the source port, unless the source port from a particular
snat is already in use, in which case the system uses a
different port.
preserve-strict
Specifies that the system preserves the value configured for
the source port. If the port is in use, the system does not
process the connection. F5 Networks recommends restricting
the use of this setting to cases that meet at least one of
the following conditions:
The port is configured for UDP traffic.
The system is configured for nPath routing or is running
in transparent mode (that is, there is no translation of
any other Layer 3 or Layer 4 field).
There is a one-to-one relationship between virtual IP
addresses and node addresses, or clustered
multiprocessing (CMP) is disabled.
translate-address
Specifies, when enabled, that the system translates the original
destination address of the virtual server. When disabled,
specifies that the system uses the address without translation.
The default value is disabled.
translate-service
Note that translate-service is really translate-port. It
specifies, when enabled, that the system translates the original
destination port. When disabled, it specifies that the system uses
the original destination port without translation. The default
value is disabled.
SEE ALSO
create, delete, edit, glob, list, modify, pem interception-endpoint,
pem listener, pem policy, pem profile diameter-endpoint, pem profile
spm, pem reporting format-script, pem service-chain-endpoint, pem
subscriber, pem subscribers, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2014. All rights reserved.
BIG-IP 2016-01-07 pem forwarding-endpoint(1)