security firewall global-fqdn-policy

security firewall global-fqdn-policy(1)    BIG-IP TMSH Manual    security firewall global-fqdn-policy(1)



NAME
       global-fqdn-policy - Configures the global FQDN policy, which is used
       to resolve the FQDNs specified in firewall rules to IP address
       mappings.

MODULE
       security firewall

SYNTAX
       Modify the global-fqdn-policy component within the security firewall
       module using the syntax shown in the following sections.

   MODIFY
	modify global-fqdn-policy
	 options:
	  app-service [name]
	  description [string]
	  dns-resolver [ [resolver_name] | none ]
	  refresh-interval [integer]

	edit global-fqdn-policy
	  options:
	    all-properties
	    non-default-properties
	    one-line
	    partition
	    recursive

   DISPLAY
	list global-fqdn-policy
	show running-config global-fqdn-policy
	 options:
	    all-properties
	    non-default-properties
	    one-line
	    partition
	    recursive

DESCRIPTION
       You can use the global-fqdn-policy component to configure the net
       dns-resolver that the firewall uses to resolve FQDNs to IP address
       mappings. These mappings are in turn used to match firewall rules
       (across all policies on all contexts) based on FQDN constraints.

EXAMPLES
       modify global-fqdn-policy dns-resolver xyz

       Modifies the global-fqdn-policy to use the DNS resolver object named
       'xyz'. The default refresh-interval is 60 minutes.

       modify global-fqdn-policy dns-resolver xyz refresh-interval 120

       Modifies the global-fqdn-policy to use the DNS resolver object named
       'xyz' and specifies a periodic refresh rate of 120 minutes (2 hours)
       to re-resolve FQDN-to-IP mappings.

       list global-fqdn-policy

       Displays the current list of global-fqdn-policy contents.

OPTIONS
       app-service
	    Specifies the application service to which the object belongs. The
	    default value is none. Note: If the strict-updates option is
	    enabled on the Application Service that owns the object, you
	    cannot modify or delete the object. Only the Application Service
	    can modify or delete the object.

       description
	    User-defined description.

       dns-resolver
	    Specifies an existing net dns-resolver. The firewall uses it to
	    obtain the FQDN-to-IP address mappings that are used to match
	    firewall rules based on FQDN constraints. Note: dns-resolver none
	    can be used to remove the object from global-fqdn-policy if and
	    only if there are no AFM rules with (non-empty) FQDN constraints.

       refresh-interval
	    Specifies the interval at which FQDN-to-IP mappings are
	    re-resolved. The unit is minutes and the default is 60 minutes.
	    The minimum allowed is 10 minutes and the maximum is 46080 minutes.
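
       The following pre-change check is an added example, not part of the
       F5 manual page or F5 code: it validates arguments against the limits
       documented under OPTIONS and prints the tmsh command without running
       it. The function name, the caller-supplied FQDN rule count and the
       allowed character set for resolver names are assumptions.

```shell
#!/bin/sh
# Added example (not F5 code): validate arguments against the documented
# limits, then print the tmsh command. Nothing is executed on a device.

MIN_REFRESH=10      # minutes, documented minimum
MAX_REFRESH=46080   # minutes, documented maximum

# fqdn_policy_cmd RESOLVER [INTERVAL] [FQDN_RULE_COUNT]   (hypothetical helper)
# Prints the command on stdout; returns non-zero with a reason on stderr.
fqdn_policy_cmd() {
    resolver=$1
    interval=${2:-}
    fqdn_rules=${3:-0}   # assumption: caller counted AFM rules with FQDN constraints

    case $resolver in
        '') echo "resolver name required" >&2; return 2 ;;
        none)
            # Documented: 'none' is accepted only when no AFM rule has a
            # non-empty FQDN constraint.
            if [ "$fqdn_rules" -gt 0 ]; then
                echo "refusing dns-resolver none: $fqdn_rules rule(s) use FQDNs" >&2
                return 3
            fi ;;
        *[!A-Za-z0-9_./-]*)
            # Conservative character set (assumption) so the printed command
            # is safe to paste into a shell.
            echo "unexpected characters in resolver name" >&2; return 2 ;;
    esac

    cmd="tmsh modify security firewall global-fqdn-policy dns-resolver $resolver"

    if [ -n "$interval" ]; then
        case $interval in
            *[!0-9]*) echo "refresh-interval must be an integer" >&2; return 2 ;;
        esac
        if [ "$interval" -lt "$MIN_REFRESH" ] || [ "$interval" -gt "$MAX_REFRESH" ]; then
            echo "refresh-interval $interval outside $MIN_REFRESH-$MAX_REFRESH minutes" >&2
            return 4
        fi
        cmd="$cmd refresh-interval $interval"
    fi
    printf '%s\n' "$cmd"
}
```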

SEE ALSO
       create, edit, list, modify, security firewall, security firewall
       policy, net dns-resolver, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008, 2012-2015. All rights
       reserved.



BIG-IP				  2016-security firewall global-fqdn-policy(1)