apm profile connectivity
apm profile connectivity(1) BIG-IP TMSH Manual apm profile connectivity(1)
NAME
connectivity - Configures a connectivity profile.
MODULE
apm profile
SYNTAX
Configure the connectivity component within the profile module using the syntax shown in the following
sections.
CREATE/MODIFY
create connectivity [name]
modify connectivity [name]
options:
adaptive-compression [enabled | disabled]
app-service [[string] | none]
citrix-client-bundle [[name] | default-citrix-client-bundle]
client-policy [add | delete | modify | replace-all-with] {
[name] {
android-ec {
device-lock-method [alphabetic | alphanumeric | any | numeric ]
enable-mobilesafe [true | false]
enforce-device-lock [true | false]
enforce-logon-mode [true | false]
logon-mode [native | web]
require-device-auth [true | false]
max-inactivity-time [integer]
min-passcode-length [integer]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
}
android-ep {
device-lock-method [alphabetic | alphanumeric | any | numeric ]
enable-mobilesafe [true | false]
enforce-device-lock [true | false]
enforce-logon-mode [true | false]
logon-mode [native | web]
max-inactivity-time [integer]
min-passcode-length [integer]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
}
chromeos-ec {
enforce-logon-mode [true | false]
logon-mode [native | web]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
}
macos-ec {
enforce-logon-mode [true | false]
logon-mode [native | web]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
}
ec {
component-update [yes | prompt | no]
location-dns [add | delete | modify | replace-all-with] {
[name]
}
reuse-winlogon-creds [true | false]
reuse-winlogon-session [true | false]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
save-servers-on-exit [true | false]
}
ios-ec {
enable-mobilesafe [true | false]
enforce-logon-mode [true | false]
logon-mode [native | web]
require-device-auth [true | false]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
vod-disconnect-timeout [integer]
}
ios-ep {
enable-mobilesafe [true | false]
enforce-logon-mode [true | false]
logon-mode [native | web]
enforce-pin-lock [true | false]
max-grace-period [integer]
save-password [true | false]
save-password-method [disk | memory]
save-password-timeout [integer]
}
oauth {
provider-name [name]
client-id [string]
scopes [string]
done-uri [string]
}
servers {
{
alias [[string] | none]
host [string]
}
...
}
}
}
compress-buffer-size [integer]
compress-cpu-saver [true | false]
compress-cpu-saver-high [integer]
compress-cpu-saver-low [integer]
compress-gzip-level [integer]
compress-gzip-memlevel [integer]
compress-gzip-window-size [integer]
compress-ingress [true | false]
compress-preferred-method [[string] | none]
compression [enabled | disabled]
compression-codecs [[string] | none]
customization-group [[string] | none]
defaults from [[name] | none]
deflate-compression-level [integer]
description [[string] | none]
location-specific [true | false]
tunnel-name [[string] | none]
edit connectivity [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list connectivity
list connectivity [ [ [name] | [glob] | [regex] ] ... ]
show running-config connectivity
show running-config connectivity [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
partition
show connectivity
show connectivity [name]
DELETE
delete connectivity [name]
DESCRIPTION
You can use the connectivity component to configure a connectivity profile. By using the connectivity profile,
you can configure L2 and L4 tunnels, compression, Windows and mobile client settings, and client component
downloads from F5 Networks and Citrix.
EXAMPLES
create connectivity myconnectivityprofile { }
Creates a connectivity profile named myconnectivityprofile that inherits its settings from the system
default connectivity profile.
OPTIONS
adaptive-compression
Enables or disables adaptive compression. Use this option to configure compression settings for
application tunnels and to optimize applications and RDP traffic. The default is enabled.
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.
citrix-client-bundle
Specifies the Citrix client bundle used by this connectivity profile. The default is default-citrix-
client-bundle.
client-policy
Adds, deletes, or modifies the client policy for any of the following clients:
android-ec Android Edge Client
android-ep Android Edge Portal
chromeos-ec Chrome OS Edge Client
macos-ec Mac OS F5 Access
ec Windows/OSX Edge Client
ios-ec iOS Edge Client
ios-ep iOS Edge Portal
Options (please refer to the SYNTAX section to see if a certain option is supported for a particular
client):
component-update
Specifies how the client handles automatic updates. The options are:
yes Automatically installs a client update when one is available.
prompt
Prompts the user about installing a client update.
No Disables the client from receiving automatic updates.
device-lock-method
Specifies the device lock quality that the client should enforce on the device. The options are:
alphabetic
Device passcode must contain at least alphabetic (or other symbol) characters.
alphanumeric
Device passcode must contain at least both numeric and alphabetic (or other symbol) characters.
any A device passcode must be set but does not matter what it is.
numeric
Device passcode must contain at least numeric characters.
enable-mobilesafe
Enables or disable MobileSafe checks. Use this option to configure whether client should execute the
MobileSafe security checks as part of the logon. The default is false.
enforce-device-lock
Specifies whether client should enforce a device passcode policy on the device. The default is true.
enforce-logon-mode
Specifies whether client should enforce a logon mode on the device. The default is false. Set to
true if external logon page is used.
logon-mode
Specifies logon mode to be enforced on the device. The default is native. Set to web if external
logon page is used.
enforce-pin-lock
Specifies whether client should enforce an app-level PIN before allowing access to the app. The
default is true.
location-dns
Specifies a list of DNS suffixes used by the Network Location Awareness feature of the client. This
list represents the internal network where local resources are available without the need of a
Network Access connection. The default is none.
max-grace-period
Specifies the length of time (in minutes) the app was taken to the background before the user will
be asked for a PIN. With the option set to 0, user will be asked for the PIN every time the app is
taken from the background. The default is 2.
max-inactivity-time
Sets the length of time (in minutes) since the user last touched the screen or pressed a button
before the device locks the screen. The default is 5.
min-passcode-length
Specifies the minimum required number of characters for the device passcode. The default is 4.
oauth
OAuth configuration for EDGE clients.
client-id
Specifies OAuth client identifier. The client identifier is not a secret; it is exposed by BIG-
IP APM virtual server. OAuth configuration is disabled if client-id is not specified. The
default is none.
done-uri
Specifies URI for OAuth client to be directed to when authentication complete of failed ("You
can close this tab" page). Default APM page is used when none is seelcted. The default is
none.
provider-name
Specifies the name of the OAuth provider (apm aaa oauth-provider). OAuth configuration is
disabled if none is not specified. The default is none.
scopes
Specifies scope of the OAuth access request. The value of the scopes parameter is expressed as
a list of space-delimited, case-sensitive strings. The strings are defined by the authorization
server. If the value contains multiple space-delimited strings, their order does not matter.
Only 0x20-0x21, 0x23-0x5B, 0x5D-0x7E characters are allowed. The default is none.
require-device-auth
Specifies whether device authentication is needed before accessing cached credentials. The default
is false.
reuse-winlogon-creds
Specifies whether client can reuse logon credentials entered by a user for a subsequent log in. The
default is false.
reuse-winlogon-session
Specifies whether client should attempt to use the same Windows logon session. The default is false.
save-password
Specifies whether client allows user password caching. The default is false.
save-password-method
Specifies whether client saves encrypted passwords on disk or caches passwords in memory only. The
default is disk.
save-password-timeout
Specifies the number of minutes that a cached password remains valid (applies only to in-memory
password caching). The default is 240.
save-servers-on-exit
Specifies whether client maintains a list of Access Policy Manager systems that the client accessed.
The default is true.
servers
Specifies a list of server and alias pairs in the client's server list.
compress-buffer-size
Specifies the size of compressed data for Network Access tunnels. The default is 4096.
compress-cpu-saver
Specifies whether the system monitors the percentage of CPU usage and adjusts compression rates
automatically when CPU usage reaches either the CPU saver high threshold or the CPU saver low threshold.
The default is true.
compress-cpu-saver-high
Specifies the percentage of CPU usage at which the system starts automatically decreasing the amount of
content being compressed, as well as the amount of compression which the system is applying. The default
is 90 percent.
compress-cpu-saver-low
Specifies the percentage of CPU usage at which the system resumes content compression at the user-defined
rates. The default is 75 percent.
compress-gzip-level
Specifies the degree to which the system compresses the content. Higher compression levels slow down the
compression process. The default is 6, which provides a higher amount of compression at the expense of
more CPU processing time. 1 is the lowest level and 9 is the highest level. 0 disables compression.
compress-gzip-memlevel
Specifies the number of kilobytes of memory that the system uses for internal compression buffers when
compressing data. You can select a value between 1 and 256. The default is 8192.
compress-gzip-window-size
Specifies the number of kilobytes in the window size that the system uses when compressing data. You can
select a value between 1 and 128. The default is 16384.
compress-ingress
Specifies whether incoming data is compressed. The default is false.
compress-preferred-method
Specifies the preferred method of data compression. The default is zlib.
compression
Enables or disables compression between the client and the server. The default is enabled.
compression-codecs
Specifies the available compression codecs for server-to-client connections. The server compares the
available compression types you configure with the available compression types on the client, and then
chooses the most effective mutual compression setting. Compression for the client is configured
separately. The default includes all three available codecs:
lzo Offers a balance between CPU resources and compression ratio, compressing more than deflate, but
with less CPU resources than bzip2.
deflate
Uses the least CPU resources, but compresses the least effectively.
bzip2
Uses the most CPU resources, but compresses the most effectively.
customization-group
Specifies which customization groups are applied. This option is required.
defaults-from
Specifies the profile from which this profile inherits properties that are not specified explicitly. The
default is connectivity.
deflate-compression-level
Specifies the level of compression performed by the deflate codec. The default is 1.
description
Specifies a user-defined description for the connectivity profile.
location-specific
Specifies whether or not this object contains one or more attributes with values that are specific to the
location where the BIG-IP device resides. The location-specific attribute is either true or false. When
using policy sync, mark an object as location-specific to prevent errors that can occur when policies
reference objects, such as authentication servers, that are specific to a certain location.
[name]
Specifies the profile that you want to use as the parent profile. The new profile inherits all settings
and values from the parent profile.
tunnel-name
Specifies the name of the tunnel through which data passes. The default is none.
SEE ALSO
apm aaa oauth-provider, apm profile, ltm virtual
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2013, 2015. All rights reserved.
BIG-IP 2020-01-31 apm profile connectivity(1)