security firewall global-fqdn-policy
security firewall global-fqdn-BIG-IP(TMsecuritylfirewall global-fqdn-policy(1)
NAME
global-fqdn-policy - Configures the global fqdn policy which is used to
resolve FQDN names to IP Address mappings for the FQDN names that are
specified in the firewall rules.
MODULE
security firewall
SYNTAX
Modify the global-fqdn-policy component within the security firewall
module using the syntax shown in the following sections.
MODIFY
modify global-fqdn-policy
options:
app-service [name]
description [string]
dns-resolver [ [resolver_name] | none ]
refresh-interval [integer]
edit global-fqdn-policy
options:
all-properties
non-default-properties
one-line
partition
recursive
DISPLAY
list global-fqdn-policy
show running-config global-fqdn-policy
options:
all-properties
non-default-properties
one-line
partition
recursive
DESCRIPTION
You can use the global-fqdn-policy component to configure a net dns-
resolver that will be used by firewall to resolve FQDN names to IP
Address mappings. These mappings in turn will be used to match firewall
rules (across all policies on all contexts) based on FQDN constraints.
EXAMPLES
modify global-fqdn-policy dns-resolver xyz
Modifies the global-fqdn-policy to use dns resolver object named 'xyz'.
Default refresh-interval is 60 minutes.
modify global-fqdn-policy dns-resolver xyz refresh-interval 120
Modifies the global-fqdn-policy to use dns resolver object named 'xyz'
and specify periodic refresh rate of 120 minutes (2 hours) to re-
resolve FQDN-to-IP mappings.
list global-fqdn-policy
Displays the current list of global-fqdn-policy contents.
OPTIONS
app-service
Specifies the application service to which the object belongs. The
default value is none. Note: If the strict-updates option is
enabled on the Application Service that owns the object, you
cannot modify or delete the object. Only the Application Service
can modify or delete the object.
description
User defined description.
dns-resolver
Specifies an existing net dns-resolver. This will be used by
firewall to obtain FQDN-to-IP Address mappings which will be used
to match firewall rules based on FQDN constraints. Note dns-
resolver none can be used to remove the object from global-fqdn-
policy if and only if there are no AFM rules with (non empty) FQDN
constraints.
refresh-interval
Specifies refresh interval to be used to re-resolve FQDN-to-IP
mappings. Unit is in minutes and default is 60 minutes. Minimum
allowed is 10 minutes and maximum is 46080 minutes.
SEE ALSO
create, edit, list, modify, security firewall, security firewall
policy, net dns-resolver tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2015. All rights
reserved.
BIG-IP 2016-security firewall global-fqdn-policy(1)