security firewall global-fqdn-policy
security firewall global-fqdn-policy(1) BIG-IP TMSH Manual security firewall global-fqdn-policy(1)
NAME
global-fqdn-policy - Configures the global FQDN policy, which is used to resolve the FQDN names specified in
firewall rules to IP address mappings.
MODULE
security firewall
SYNTAX
Modify the global-fqdn-policy component within the security firewall module using the syntax shown in the
following sections.
MODIFY
modify global-fqdn-policy
  options:
    app-service [name]
    description [string]
    dns-resolver [ [resolver_name] | none ]
    refresh-interval [integer]
edit global-fqdn-policy
  options:
    all-properties
    non-default-properties
    one-line
    partition
    recursive
DISPLAY
list global-fqdn-policy
show running-config global-fqdn-policy
  options:
    all-properties
    non-default-properties
    one-line
    partition
    recursive
DESCRIPTION
You can use the global-fqdn-policy component to configure the net dns-resolver that the firewall uses to
resolve FQDN names to IP address mappings. These mappings are in turn used to match firewall rules (across
all policies on all contexts) that have FQDN constraints.
EXAMPLES
modify global-fqdn-policy dns-resolver xyz
Modifies the global-fqdn-policy to use the DNS resolver object named 'xyz'. The default refresh-interval is
60 seconds.
modify global-fqdn-policy dns-resolver xyz refresh-interval 120
Modifies the global-fqdn-policy to use the DNS resolver object named 'xyz' and sets a periodic refresh
interval of 120 seconds (2 minutes) for re-resolving FQDN-to-IP mappings.
list global-fqdn-policy
Displays the current global-fqdn-policy configuration.
OPTIONS
app-service
Specifies the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the Application Service that owns the object, you cannot modify or
delete the object. Only the Application Service can modify or delete the object.
description
User-defined description.
dns-resolver
Specifies an existing net dns-resolver. The firewall uses it to obtain the FQDN-to-IP address mappings
that are used to match firewall rules based on FQDN constraints. Note: dns-resolver none can be used to
remove the resolver from global-fqdn-policy if and only if there are no AFM rules with (non-empty) FQDN
constraints.
refresh-interval
Specifies the refresh interval used to re-resolve FQDN-to-IP mappings. The unit is seconds and the default
is 60 seconds. The minimum allowed is 5 seconds and the maximum is 2,764,800 seconds (32 days).
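A pre-flight check for change scripts that set this policy, as an added example (not F5 code): it enforces the refresh-interval bounds listed above and prints the tmsh command line instead of running it. The helper name fqdn_policy_cmd and the allowed character set for resolver names are assumptions of this example.

```shell
# Added example, not F5 code: build a validated tmsh command line for
# global-fqdn-policy. fqdn_policy_cmd is a hypothetical helper name.
# The bounds are the ones stated under OPTIONS (5..2764800 seconds).
FQDN_REFRESH_MIN=5
FQDN_REFRESH_MAX=2764800

# Usage: fqdn_policy_cmd <resolver_name|none> [refresh_interval_seconds]
# Prints the command on stdout; returns 1 with a message on stderr if
# the input is rejected. It never runs tmsh itself.
fqdn_policy_cmd() {
    fp_resolver=${1-}
    fp_interval=${2-}

    # Assumption of this example: resolver names are limited to a
    # conservative character set, so a value taken from a ticket or a
    # variable cannot carry extra tmsh options or shell syntax.
    case $fp_resolver in
        ''|*[!A-Za-z0-9_./-]*)
            echo "invalid dns-resolver name: '$fp_resolver'" >&2
            return 1 ;;
    esac
    fp_cmd="tmsh modify security firewall global-fqdn-policy dns-resolver $fp_resolver"

    if [ -n "$fp_interval" ]; then
        # Digits only: rejects signs, decimals and unit suffixes ("2m").
        case $fp_interval in
            *[!0-9]*)
                echo "refresh-interval must be whole seconds: '$fp_interval'" >&2
                return 1 ;;
        esac
        # Drop leading zeros so "060" is emitted as 60.
        while [ "${fp_interval#0}" != "$fp_interval" ] && [ -n "${fp_interval#0}" ]; do
            fp_interval=${fp_interval#0}
        done
        # The length test keeps very long digit strings out of the
        # integer comparison, where they could overflow.
        if [ "${#fp_interval}" -gt 7 ] ||
           [ "$fp_interval" -lt "$FQDN_REFRESH_MIN" ] ||
           [ "$fp_interval" -gt "$FQDN_REFRESH_MAX" ]; then
            echo "refresh-interval out of range $FQDN_REFRESH_MIN..$FQDN_REFRESH_MAX: $fp_interval" >&2
            return 1
        fi
        fp_cmd="$fp_cmd refresh-interval $fp_interval"
    fi
    printf '%s\n' "$fp_cmd"
}
```

The helper cannot tell whether AFM rules with FQDN constraints exist, so a printed `dns-resolver none` command is still subject to the restriction described under dns-resolver.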
SEE ALSO
create, edit, list, modify, security firewall, security firewall policy, net dns-resolver, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2015. All rights reserved.
BIG-IP 2018-10-12 security firewall global-fqdn-policy(1)