pem forwarding-endpoint
pem forwarding-endpoint(1) BIG-IP TMSH Manual pem forwarding-endpoint(1)
NAME
forwarding-endpoint - Configures forwarding endpoints for the Policy Enforcement Manager (PEM).
MODULE
pem
SYNTAX
Modify the forwarding-endpoint component within the pem module using the syntax shown in the following
sections.
CREATE/MODIFY
create forwarding-endpoint [name]
modify forwarding-endpoint [name]
options:
app-service [[string] | none]
description [[string] | none]
persistence {
options:
type [destination-ip | disabled | hash | source-ip]
fallback [destination-ip | disabled | source-ip]
hash-settings {
options:
algorithm [carp ]
length [integer]
offset [integer]
source [tcl-snippet | uri]
tcl-value [string]
}
}
pool [name]
snat-pool [name]
source-port [change | preserve | preserve-strict]
translate-address [disabled | enabled]
translate-service [disabled | enabled]
edit forwarding-endpoint [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list forwarding-endpoint
list forwarding-endpoint [ [ [name] | [glob] | [regex] ] ... ]
show running-config forwarding-endpoint
show running-config forwarding-endpoint [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
DELETE
delete forwarding-endpoint [name]
Note: All references to the forwarding-endpoint must be removed before it can be deleted.
DESCRIPTION
forwarding-endpoint is used to specify PEM policy forwarding action(s).
Note: A valid LTM pool with at least one member must be pre-configured before creating a forwarding-endpoint.
Please refer to ltm pool for more info about configuring LTM pools.
EXAMPLES
create forwarding-endpoint my_endpoint { pool my_pool snatpool my_snatpool source-port preserved translate-
address enabled translate-service enabled }
Creates a Policy Enforcement Manager forwarding endpoint named my_endpoint.
delete forwarding-endpoint my_endpoint
Deletes the forwarding-endpoint named my_endpoint.
list forwarding-endpoint my_endpoint
Displays the properties of the forwarding-endpoint named my_endpoint.
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, user
cannot modify or delete the object. Only the application service can modify or delete the object.
description
Specifies a user-defined description.
persistence
Allows to set a specific persistence method for the pool member selection.
fallback
Specifies the fallback persistence method so that it applies when default persistence fail.
The options are:
destination-ip
Map the destination ip address to a specific pool member so that subsequent traffic sent to
this address is directed to the same pool member.
source-ip
Map the source ip address to a specific pool member so that subsequent traffic from this
address is directed to the same pool member.
disabled
Specifies that this feature is disabled.
hash-settings
Specifies the settings for the hash persistence method.
algorithm
Specifies the algorithm to calculate the hash value. Currently only the carp algorithm is
available.
length
Specifies the length of the source string used to calculate hash value. Default value of length
is 1024.
offset
Specifies the offset in bytes from start of the source string to calculate the hash value.
Default value of offset is 0.
source
Specifies the source for the string value which is used to calculate hash value.
tcl-value
Specifies the tcl script snippet so that when this script is executed its result used to
calculate the hash value.
type Specifies the persistence method.
The options are:
destination-ip
Map the destination ip address to a specific pool member so that subsequent traffic sent to
this address is directed to the same pool member.
hash Map the hash value to a specific pool member so that subsequent traffic with the same hash
value is directed to the same pool member.
source-ip
Map the source ip address to a specific pool member so that subsequent traffic from this
address is directed to the same pool member.
disabled
Specifies that this feature is disabled.
pool Specifies the name of an LTM pool where the traffic is going to be directed to. Is used in the PEM policy
rule forwarding actions. Note that the pool must be pre-configured before it can be referenced by a
forwarding action.
snat-pool
Specifies the name of an existing LTM SNAT pool (snatpool) that is used to translate the client IP
address to one of the configured IP addresses in that SNAT pool. The Self-IP addresses of the BIG-IP
system must not be included in the SNAT pool. The default value is none.
source-port
Specifies whether the system preserves the source port of the connection. The default value is preserve.
The options are:
change
Specifies that the system changes the source port. This setting is useful for obfuscating internal
network address.
preserve
Specifies that the system preserves the value configured for the source port, unless the source port
from a particular snat is already in use, in which case the system uses a different port.
preserve-strict
Specifies that the system preserves the value configured for the source port. If the port is in use,
the system does not process the connection. F5 Networks recommends restricting the use of this
setting to cases that meet at least one of the following conditions:
The port is configured for UDP traffic.
The system is configured for nPath routing or is running in transparent mode (that is, there is
no translation of any other Layer 3 or Layer 4 field).
There is a one-to-one relationship between virtual IP addresses and node addresses, or
clustered multiprocessing (CMP) is disabled.
translate-address
Specifies, when enabled, that the system translates the original destination address of the virtual
server. When disabled, specifies that the system uses the address without translation. The default value
is disabled.
translate-service
Note that translate-service is really translate-port. It specifies, when enabled, that the system
translates the original destination port. When disabled, it specifies that the system uses the original
destination port without translation. The default value is disabled.
SEE ALSO
create, delete, edit, glob, list, modify, pem interception-endpoint, pem listener, pem policy, pem profile
diameter-endpoint, pem profile spm, pem reporting format-script, pem service-chain-endpoint, pem subscriber,
pem subscribers, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2014. All rights reserved.
BIG-IP 2016-01-07 pem forwarding-endpoint(1)