pem forwarding-endpoint

pem forwarding-endpoint(1)			  BIG-IP TMSH Manual			   pem forwarding-endpoint(1)

NAME
       forwarding-endpoint - Configures forwarding endpoints for the Policy Enforcement Manager (PEM).

MODULE
       pem

SYNTAX
       Modify the forwarding-endpoint component within the pem module using the syntax shown in the following
       sections.

   CREATE/MODIFY
	create forwarding-endpoint [name]
	modify forwarding-endpoint [name]
	  options:
	    app-service [[string] | none]
	    description [[string] | none]
	    persistence {
	      options:
		type [destination-ip | disabled | hash | source-ip]
		fallback [destination-ip | disabled | source-ip]
		hash-settings {
		  options:
		    algorithm [carp ]
		    length [integer]
		    offset [integer]
		    source [tcl-snippet | uri]
		    tcl-value [string]
		}
	    }
	    pool [name]
	    snat-pool [name]
	    source-port [change | preserve | preserve-strict]
	    translate-address [disabled | enabled]
	    translate-service [disabled | enabled]

	edit forwarding-endpoint [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list forwarding-endpoint
	list forwarding-endpoint [ [ [name] | [glob] | [regex] ] ... ]
	show running-config forwarding-endpoint
	show running-config forwarding-endpoint [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete forwarding-endpoint [name]

       Note: All references to the forwarding-endpoint must be removed before it can be deleted.

DESCRIPTION
       forwarding-endpoint is used to specify PEM policy forwarding action(s).

       Note: A valid LTM pool with at least one member must be pre-configured before creating a forwarding-endpoint.
       Please refer to ltm pool for more info about configuring LTM pools.

EXAMPLES
       create forwarding-endpoint my_endpoint { pool my_pool snatpool my_snatpool source-port preserved translate-
       address enabled translate-service enabled }

       Creates a Policy Enforcement Manager forwarding endpoint named my_endpoint.

       delete forwarding-endpoint my_endpoint

       Deletes the forwarding-endpoint named my_endpoint.

       list forwarding-endpoint my_endpoint

       Displays the properties of the forwarding-endpoint named my_endpoint.

OPTIONS
       app-service
	    Specifies the name of the application service to which the object belongs. The default value is none.
	    Note: If the strict-updates option is enabled on the application service that owns the object, user
	    cannot modify or delete the object. Only the application service can modify or delete the object.

       description
	    Specifies a user-defined description.

       persistence
	    Allows to set a specific persistence method for the pool member selection.

	    fallback
		 Specifies the fallback persistence method so that it applies when default persistence fail.

		 The options are:

		 destination-ip
		      Map the destination ip address to a specific pool member so that subsequent traffic sent to
		      this address is directed to the same pool member.

		 source-ip
		      Map the source ip address to a specific pool member so that subsequent traffic from this
		      address is directed to the same pool member.

		 disabled
		      Specifies that this feature is disabled.

	    hash-settings
		 Specifies the settings for the hash persistence method.

		 algorithm
		      Specifies the algorithm to calculate the hash value. Currently only the carp algorithm is
		      available.

		 length
		      Specifies the length of the source string used to calculate hash value. Default value of length
		      is 1024.

		 offset
		      Specifies the offset in bytes from start of the source string to calculate the hash value.
		      Default value of offset is 0.

		 source
		      Specifies the source for the string value which is used to calculate hash value.

		 tcl-value
		      Specifies the tcl script snippet so that when this script is executed its result used to
		      calculate the hash value.

	    type Specifies the persistence method.

		 The options are:

		 destination-ip
		      Map the destination ip address to a specific pool member so that subsequent traffic sent to
		      this address is directed to the same pool member.

		 hash Map the hash value to a specific pool member so that subsequent traffic with the same hash
		      value is directed to the same pool member.

		 source-ip
		      Map the source ip address to a specific pool member so that subsequent traffic from this
		      address is directed to the same pool member.

		 disabled
		      Specifies that this feature is disabled.

       pool Specifies the name of an LTM pool where the traffic is going to be directed to. Is used in the PEM policy
	    rule forwarding actions. Note that the pool must be pre-configured before it can be referenced by a
	    forwarding action.

       snat-pool
	    Specifies the name of an existing LTM SNAT pool (snatpool) that is used to translate the client IP
	    address to one of the configured IP addresses in that SNAT pool. The Self-IP addresses of the BIG-IP
	    system must not be included in the SNAT pool. The default value is none.

       source-port
	    Specifies whether the system preserves the source port of the connection. The default value is preserve.

	    The options are:

	    change
		 Specifies that the system changes the source port. This setting is useful for obfuscating internal
		 network address.

	    preserve
		 Specifies that the system preserves the value configured for the source port, unless the source port
		 from a particular snat is already in use, in which case the system uses a different port.

	    preserve-strict
		 Specifies that the system preserves the value configured for the source port. If the port is in use,
		 the system does not process the connection. F5 Networks recommends restricting the use of this
		 setting to cases that meet at least one of the following conditions:

		      The port is configured for UDP traffic.

		      The system is configured for nPath routing or is running in transparent mode (that is, there is
		      no translation of any other Layer 3 or Layer 4 field).

		      There is a one-to-one relationship between virtual IP addresses and node addresses, or
		      clustered multiprocessing (CMP) is disabled.

       translate-address
	    Specifies, when enabled, that the system translates the original destination address of the virtual
	    server. When disabled, specifies that the system uses the address without translation. The default value
	    is disabled.

       translate-service
	    Note that translate-service is really translate-port. It specifies, when enabled, that the system
	    translates the original destination port. When disabled, it specifies that the system uses the original
	    destination port without translation. The default value is disabled.

SEE ALSO
       create, delete, edit, glob, list, modify, pem interception-endpoint, pem listener, pem policy, pem profile
       diameter-endpoint, pem profile spm, pem reporting format-script, pem service-chain-endpoint, pem subscriber,
       pem subscribers, regex, show, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or
       mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
       other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2014. All rights reserved.

BIG-IP						      2016-01-07			   pem forwarding-endpoint(1)