security scrubber profile
security scrubber profile(1) BIG-IP TMSH Manual security scrubber profile(1)
NAME
profile - Configures a scrubber profile for use by firewall. A
scrubber-profile-default specifies monitors and method (how and where)
to be monitored and scrubbed.
MODULE
security scrubber
SYNTAX
Configure the scrubber-profile-default component within the security
scrubber profile module using the syntax in the following sections.
MODIFY
modify profile [name]
options:
advertisement-ttl [integer]
scrubber-categories action [add | delete | modify | none |
replace-all-with] {
[name] { advertisement-method [bgp-method | none-method |
silverline-method] | blacklist-category [string] | next-hop [IPv4
address] | next-hop-v6 [IPv6 address] | route-domain-name [string] |
app-service [[string] | none]}
}
scrubber-rt-domain action [add | delete | modify | none |
replace-all-with] {
[name] { absolute-threshold [integer] | advertisement-method
[bgp-method | none-method | silverline-method] next-hop [IPv4 address]
next-hop-v6 [IPv6 address] | percentage-threshold [integer] | route-
domain [string] |
scrubber-rd-network-prefix action [add | delete | modify |
none | replace-all-with] {
[name] { dst-ip [IP address] | mask [integer] | next-hop
[IP address] | app-service [[string] | none] }
}
}
}
scrubber-virtual-server action [add | delete | modify | none |
replace-all-with] {
[name] { absolute-threshold [integer] | advertisement-method
[bgp-method | none-method | silverline-method] | next-hop [IP address]
| percentage-threshold [integer] | vs-name [string] app-service
[[string] | none]}
}
silverline { url [string] user-id [string] user-passwd [string] }
app-service [[string] | none]
list profile [[name] | all | [property]]
show running-config profile [[name] | all | [property]]
options:
all-properties
non-default-properties
one-line
recursive
OPTIONS
app-service
Specifies the application service to which the object belongs. The
default value is none. Note: If the strict-updates option is
enabled on the Application Service that owns the object, you
cannot modify or delete the object. Only the Application Service
can modify or delete the object.
description
User defined description.
advertisement-ttl
Defines the scrubbing duration for all monitored entities in
seconds.
scrubber-categories
Defines how a blacklist-category to be scrubbed.
OPTIONS
advertisement-method
Defines a method to use to scrub a blacklist-category.
blacklist-category
Identifies a blacklist-category to be scrubbed.
next-hop
Defines the nexthop to be used for scrubbing/redirecting traffic
for IPv4 shuns.
next-hop-v6
Defines the nexthop to be used for scrubbing/redirecting traffic
for IPv6 shuns.
route-domain-name
Identifies a route-domain to be used for route advertisement.
OPTIONS
absolute-threshold
Defines bandwidth threshold which triggers scrubbing for
selected route domain.
advertisement-method
Defines a method to use to scrub a route domain.
percentage-threshold
Defines bandwidth threshold which triggers scrubbing for
selected route domain. The percentage is calculate based on
route-domain bandwidth value.
next-hop
Defines the nexthop to be used for scrubbing/redirecting IPv4
traffic.
next-hop-v6
Defines the nexthop to be used for scrubbing/redirecting IPv6
traffic.
route-domain-name
Identifies a route-domain to be used for route advertisement.
scrubber-rd-network-prefix
Defines subnets which to be used for scrubbing/redirecting
traffic. If is defined than the
scrubbing for parent route-domain would be ignored.
OPTIONS
dst-ip
Defines subnet to be used for redirection.
mask
Defines subnet mask to be used for redirection.
next-hop
Defines the nexthop to be used for scrubbing/redirecting traffic.
app-service
Specifies the application service to which the object belongs. The
default value is none. Note: If the strict-updates option is
enabled on the Application Service that owns the object, you cannot
modify or delete the object. Only the Application Service can
modify or delete the object.
scrubber-virtual-server
Defines how and when a virtual server to be scrubbed.
OPTIONS
absolute-threshold
Defines a bandwidth threshold which triggers scrubbing for a
selected virtual server.
advertisement-method
Defines a method to use to scrub a virtual server.
percentage-threshold
Defines bandwidth threshold which triggers scrubbing for selected
route domain. The percentage is calculate based on defined
virtual server bandwidth value.
next-hop
Defines the nexthop to be used for scrubbing/redirection traffic.
vs-name
Identifies a virtual server to be used for route advertisement.
app-service
Specifies the application service to which the object belongs.
The default value is none. Note: If the strict-updates option is
enabled on the Application Service that owns the object, you
cannot modify or delete the object. Only the Application Service
can modify or delete the object.
OPTIONS
url
Used to communicate with Silverline system.
user-id
Defines silverline user's user identification.
user-passwd
Defines silverline user's password.
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2016. All rights reserved.
BIG-IP 2016-10-17 security scrubber profile(1)