security firewall global-fqdn-policyΒΆ

security firewall global-fqdn-policy(1) 	  BIG-IP TMSH Manual	      security firewall global-fqdn-policy(1)

NAME
       global-fqdn-policy - Configures the global fqdn policy which is used to resolve FQDN names to IP Address
       mappings for the FQDN names that are specified in the firewall rules.

MODULE
       security firewall

SYNTAX
       Modify the global-fqdn-policy component within the security firewall module using the syntax shown in the
       following sections.

   MODIFY
	modify global-fqdn-policy
	 options:
	  app-service [name]
	  description [string]
	  dns-resolver [ [resolver_name] | none ]
	  refresh-interval [integer]

	edit global-fqdn-policy
	  options:
	    all-properties
	    non-default-properties
	    one-line
	    partition
	    recursive

   DISPLAY
	list global-fqdn-policy
	show running-config global-fqdn-policy
	 options:
	    all-properties
	    non-default-properties
	    one-line
	    partition
	    recursive

DESCRIPTION
       You can use the global-fqdn-policy component to configure a net dns-resolver that will be used by firewall to
       resolve FQDN names to IP Address mappings. These mappings in turn will be used to match firewall rules (across
       all policies on all contexts) based on FQDN constraints.

EXAMPLES
       modify global-fqdn-policy dns-resolver xyz

       Modifies the global-fqdn-policy to use dns resolver object named 'xyz'. Default refresh-interval is 60
       seconds.

       modify global-fqdn-policy dns-resolver xyz refresh-interval 120

       Modifies the global-fqdn-policy to use dns resolver object named 'xyz' and specify periodic refresh rate of
       120 seconds (2 minutes) to re-resolve FQDN-to-IP mappings.

       list global-fqdn-policy

       Displays the current list of global-fqdn-policy contents.

OPTIONS
       app-service
	    Specifies the application service to which the object belongs. The default value is none. Note: If the
	    strict-updates option is enabled on the Application Service that owns the object, you cannot modify or
	    delete the object. Only the Application Service can modify or delete the object.

       description
	    User defined description.

       dns-resolver
	    Specifies an existing net dns-resolver. This will be used by firewall to obtain FQDN-to-IP Address
	    mappings which will be used to match firewall rules based on FQDN constraints. Note dns-resolver none can
	    be used to remove the object from global-fqdn-policy if and only if there are no AFM rules with (non
	    empty) FQDN constraints.

       refresh-interval
	    Specifies refresh interval to be used to re-resolve FQDN-to-IP mappings.  Unit is in seconds and default
	    is 60 seconds. Minimum allowed is 5 seconds and maximum is 2,764,800 (=32 days) seconds.

SEE ALSO
       create, edit, list, modify, security firewall, security firewall policy, net dns-resolver tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or
       mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
       other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008, 2012-2015. All rights reserved.

BIG-IP						      2018-10-12	      security firewall global-fqdn-policy(1)