gtm global-settings general¶

gtm global-settings general(1) BIG-IP TMSH Manual gtm global-settings general(1)

NAME
general - Configures the general settings for the Global Traffic Manager.

MODULE
gtm global-settings

SYNTAX
Modify or display the general component within the gtm global-settings module using the syntax in the
following sections.

MODIFY
modify general
options:
automatic-configuration-save-timeout [integer]
auto-discovery [no | yes]
auto-discovery-interval [integer]
cache-ldns-servers [no | yes]
domain-name-check [allow-underscore | none]
drain-persistent-requests [no | yes]
forward-status [enable | disable]
gtm-sets-recursion [no | yes]
heartbeat-interval [integer]
iquery-cipher-list [string]
iquery-crl-validation-depth [full | device]
iquery-minimum-tls-version [string]
iquery-reverify-on-crl-becoming-active [no | yes]
iquery-reverify-on-crl-expiring [no | yes]
iquery-reverify-on-crl-file-update [no | yes]
iquery-use-expired-crls [no | yes ]
iquery-use-not-yet-active-crls [no | yes]
iquery-use-revoked-certs [never | existing | always]
monitor-disabled-objects [no | yes]
nethsm-timeout [integer]
nsec3-types-bitmap-strict [enable | disable]
peer-leader [name]
send-wildcard-rrs [enable | disable]
static-persist-cidr-ipv4 [integer]
static-persist-cidr-ipv6 [integer]
synchronization [no | yes]
synchronization-group-name [name]
synchronization-time-tolerance [integer]
synchronization-timeout [integer]
synchronize-zone-files [no | yes]
synchronize-zone-files-timeout [integer]
topology-allow-zero-scores [no | yes]
virtuals-depend-on-server-state [no | yes]
wideip-zone-nameserver [string]

edit general
options:
all-properties
non-default-properties
one-line

DISPLAY
list
list general
show running-config general
show running-config general [option name]
options:
all-properties
non-default-properties

DESCRIPTION
You can use the general component to modify or display the General Traffic Manager settings.

EXAMPLES
modify general auto-discovery no

Turns off auto-discovery for the Global Traffic Manager.

list general all-properties

Displays all properties of the general settings for the Global Traffic Manager.

OPTIONS
automatic-configuration-save-timeout
Sets the timeout, in seconds, indicating how long to wait after a GTM configuration change before
automatically saving the GTM configuration to the bigip_gtm.conf. A timeout of -1 will cause the GTM
configuration to NEVER be saved. A value of 0 will cause the GTM configuration to be saved immediately.
The default value is 15 seconds.

auto-discovery
Specifies whether the auto-discovery process is activated for this system. The default value is no.

auto-discovery-interval
Specifies the frequency, in seconds, between system attempts to discover network components. The default
value is 30.

cache-ldns-servers
Specifies whether the system retains, in cache, all local DNS servers that make requests. The default
value is yes.

You must enable this option if you want the system to store and use the LDNS path information.

domain-name-check
Specifies the parameters for the Global Traffic Manager to use when performing domain name checking. The
default value is allow-underscore.

The possible values are:

allow-underscore
The Global Traffic Manager checks domain names according to the specifications in RFC 1123
Requirements for Internet Hosts - Application and Support, except that underscores are allowed.

none
No validation is performed. Anything is allowed.

idn-compatible
Deprecated since v12.1.0. Equivalent to allow-underscore. Value of idn-compatible will be saved as
allow-underscore.

strict
Deprecated since v12.1.0. Equivalent to allow-underscore. Value of strict will be saved as allow-
underscore.

drain-persistent-requests
Specifies, when set to yes, that when you disable a pool, load-balanced, persistent connections remain
connected until the TTL expires. The default value is yes. If you set this option to no, any persistent
connections terminate immediately when a pool is disabled.

forward-status
Specifies, when set to enabled, that the availability status change for GTM objects will be shared with
subscribers. This option will enable iControl clients to receive event notifications when a change
occurs.

gtm-sets-recursion
Specifies, when set to yes, that the system enables recursive DNS queries, regardless of whether the
requesting local DNS enabled recursive queries. The default value is no.

heartbeat-interval
Specifies the frequency at which the Global Traffic Manager queries other BIG-IP(r) systems for updated
data. When configuring monitors for BIG-IP systems, F5 Networks recommends that the probe-interval option
for the monitor be equal to or greater than the this option. The default value is 10.

iquery-cipher-list
This is a ":" separated list of cipher specifications as accepted by the "openssl ciphers" command.
OpenSSL will use the cipher list to negotiate a mutually acceptable cipher with the server during iQuery
connection setup.

iquery-crl-validation-depth
Determines which CRL(s) are required during certificate validation for iQuery connections. The default
value is full.

The possible values are:

full
A CRL must exist for every certificate authority in the certificate chain.

device
A CRL must exist for the certificate authority that issued the certificate. CRL(s) for other
certificate authorities in the certificate chain are not used.

iquery-minimum-tls-version
This is a string to specify the minimum TLS version that will be offered by the client (GTM) during
iQuery connection negotiation.

iquery-reverify-on-crl-becoming-active
Specifies, when set to yes, that all existing iQuery connections will have their certificates reverified
whenever a whenever a CRL becomes active (thisUpdate is reached). The default value is yes.

iquery-reverify-on-crl-expiring
Specifies, when set to yes, that all existing iQuery connections will have their certificates reverified
whenever a CRL expires (nextUpdate is reached). The default value is yes.

iquery-reverify-on-crl-file-update
Specifies, when set to yes, that all existing iQuery connections will have their certificates reverified
whenever the CRL file is updated. The default value is yes.

iquery-send-wildcard-rrs
Specifies, when set to enable, that WideIPs or WideIP aliases that contain wildcards will autogenerate
Resource Records in the BIND database. The default value is disable.

iquery-use-expired-crls
Specifies, when set to yes, that the validation of an iQuery SSL certificate can use an expired CRL (the
\"nextUpdate\" field of the CRL in the past). The default value is yes.

iquery-use-not-yet-active-crls
Specifies, when set to yes, that the validation of an iQuery SSL certificate can use a not yet active CRL
(the \"thisUpdate\" field of the CRL in the future). The default value is yes.

iquery-use-revoked-certs Specifies the action to take when a certificate is found to be revoked during the
verification of an iQuery connection.
The options are:

never
Do not allow the usage of revoked certificates. All new connections that are found to be revoked will
be rejected. Any existing connections that are found to now be revoked will be disconnected.

existing
Only allow the usage of revoked certificates on previously established iQuery connections. Reject all
new connections with certificates that are found to be revoked.

always
Allow the usage of revoked certificates on all new and existing iQuery connections.

monitor-disabled-objects
Specifies, when set to yes, that the system will continue to monitor objects even if the objects are
disabled. The default value is no.

nethsm-timeout
Time to wait on a NetHSM key creation operation for DNSSEC before retry. Default is 20 seconds.

nsec3-types-bitmap-strict
When the nsec3-types-bitmap-strict setting has a default value of disabled the BIG-IP responds
permissively to DS record queries when authenticating denial of existence. That is to say, the NSEC3
types bitmap will contain NS, even if we cannot be sure such a record exists.

When the setting is set to non-default value enabled (ie strict), the BIG-IP will only confirm the
existence of the NS record (via the types bitmap of the NSEC3) when the zone is configured as an
unsecured delegation on the DNSSEC Zone. If it is not configured, the BIG-IP will respond with TXT in the
types bitmap.

peer-leader
Specifies the name of a GTM server to be used for executing certain features, such as creating DNSSEC
keys.

send-wildcard-rrs
Specifies, when set to enable, that WideIPs or WideIP aliases that contain wildcards will autogenerate
Resource Records in the BIND database. The default value is disable.

static-persist-cidr-ipv4
Specifies the number of bits of the IPv4 address that the system considers when using the Static Persist
load balancing mode. The default value is 32.

static-persist-cidr-ipv46
Specifies the number of bits of the IPv6 address that the system considers when using the Static Persist
load balancing mode. The default value is 128.

synchronization
Specifies whether this system is a member of a synchronization group. The default value is no.

Members of the synchronization group continuously share configuration and metrics collection information.
The synchronization group can contain Global Traffic Managers and Link Controllers.

synchronization-group-name
Specifies the name of the synchronization group to which the system belongs. The default name is default.

synchronization-time-tolerance
Specifies the number of seconds that one system clock can be out of sync with another system clock, in
the synchronization group. If the variance between the clock times is higher than the time tolerance
setting, the system logs the time difference once per hour.

Possible values are 0 (zero), and 5 - 600. (Values 1 through 4 are automatically set to 5, and 0 (zero)
turns time synchronization off.) The default value is 10 seconds.

Note: If you are using NTP to synchronize the clock with a time server, select a time tolerance other
than 0 (zero). When you do this, the system uses the synchronization-time-tolerance option as a fail-over
mechanism if NTP is disabled for any reason.

synchronization-timeout
Specifies the number of seconds that the system attempts to synchronize the Global Traffic Manager
configuration with a synchronization group member. If the synchronization times out, the system tries
again. The default value is 180.

synchronize-zone-files
Specifies whether the system synchronizes zone files among the synchronization group members. The default
value is no.

synchronize-zone-files-timeout
Specifies the number of seconds that a synchronization group member attempts to synchronize its zone
files with a synchronization group member. If the synchronization times out, the system tries again. The
default value is 300.

topology-allow-zero-scores
Specifies if topology load-balancing or QoS load-balancing with topology enabled will return pool members
with zero topology scores. The default value is yes.

virtuals-depend-on-server-state
Specifies whether the system marks a virtual server down when the server on which the virtual server is
configured can no longer be reached via iQuery. The default value is yes.

wideip-zone-nameserver
Specifies the DNS Nameserver to use for all NS records for automatically generated DNS Zones created for
all Wide IPs. It should be set to a registered DNS Nameserver for the Wide IPs.

SEE ALSO
edit, gtm global-settings load-balancing, gtm global-settings metrics, gtm global-settings metrics-exclusions,
list, modify, show, tmsh

COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

BIG-IP 2020-03-04 gtm global-settings general(1)