security firewall global-rules

security firewall global-rules(1)		  BIG-IP TMSH Manual		    security firewall global-rules(1)

NAME
       global-rules - Configures the global network firewall rules. These firewall rules are applied to all packets
       except those going through the management interface. They are applied first, before any firewall rules for the
       packet's virtual server, route domain, and/or self IP.

MODULE
       security firewall

SYNTAX
   MODIFY
	modify global-rules
	 options:
	  description [string]
	  enforced-policy [ [policy_name] | none ]
	  staged-policy [ [policy_name] | none ]
	  service-policy [ [policy_name] | none ]

	edit global-rules
	  options:
	    all-properties
	    non-default-properties

	reset-stats global-rules
	  enforced-policy-rules { [rule name] }
	  staged-policy-rules  { [rule name] }

	  options:
	    fw-context-stat
	    port-misuse

   DISPLAY
	list global-rules
	show running-config global-rules

	show global-rules
	  active
	  enforced-policy-rules
	  staged-policy-rules

	  options:
	    fw-context-stat
	    port-misuse
	    overlapping-status

DESCRIPTION
       You can use the global-rules component to configure a network firewall policy that is enforced or staged on
       all IP and ICMP traffic except traffic on the management IP.

EXAMPLES
       list global-rules

	security firewall global-rules {
	    enforced-policy /Common/policy1
	}

       Displays the current list of global rules.

OPTIONS
       description
	    Your description for the global list of firewall rules.

       enforced-policy
	    Specifies an enforced firewall policy. enforced-policy rules are enforced globally.

       enforced-policy-rules
	    Specifies firewall rules enforced on traffic globally via the referenced enforced-policy.

       overlapping-status
	    Displays detailed overlapping information.

       port-misuse
	    Used to show or reset global port misuse policy statistics.

       fw-context-stat
	    Used to show or reset firewall statistics for the global rules.

       staged-policy
	    Specifies a staged firewall policy. staged-policy rules are not enforced, while all the visibility aspects
	    (statistics, reporting, and logging) function as if the staged-policy rules were enforced globally.

       staged-policy-rules
	    Specifies firewall rules staged on traffic globally via the referenced staged-policy.

       service-policy
	    Specifies a service policy that applies to traffic globally. The service policy is applied to all
	    flows, provided that no other context-specific service policy configuration overrides the global
	    service policy. For example, when a service policy is configured both at the global level and on a
	    firewall rule, and a flow matches the rule, the more specific service policy configuration in the rule
	    overrides the service policy setting at the global level. The service policy associated here can be
	    created using the net service-policy command.
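
       The following is an added example, not part of the F5 manual: a Python check that parses saved
       list global-rules output (the stanza shape shown under EXAMPLES) and reports when no policy is enforced
       or when a policy is only staged, as described under staged-policy. The sample text, the function names
       and /Common/policy2 are constructed for illustration.

```python
import re

# Constructed sample in the shape shown under EXAMPLES; the description and
# the staged policy /Common/policy2 are made up for this illustration.
SAMPLE = """\
security firewall global-rules {
    description "edge baseline"
    enforced-policy /Common/policy1
    staged-policy /Common/policy2
}
"""

# Properties listed under MODIFY in the SYNTAX section.
PROPS = ("description", "enforced-policy", "staged-policy", "service-policy")


def parse_global_rules(text):
    """Return the global-rules properties as a dict; the value 'none' becomes None."""
    m = re.search(r"security firewall global-rules\s*\{(.*?)\}", text, re.S)
    if m is None:
        raise ValueError("no global-rules stanza found")
    props = {}
    for line in m.group(1).splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] in PROPS:
            value = parts[1].strip().strip('"')
            props[parts[0]] = None if value == "none" else value
    return props


def audit(props):
    """Flag a global context with nothing enforced, or with a staged-only policy."""
    findings = []
    enforced = props.get("enforced-policy")
    staged = props.get("staged-policy")
    if enforced is None:
        findings.append("no enforced-policy: no policy is enforced in the global context")
    if staged is not None and staged != enforced:
        findings.append(f"staged-policy {staged} is logged and counted but not enforced")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_global_rules(SAMPLE)):
        print(finding)
```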

SEE ALSO
       edit, list, modify, security firewall address-list, security firewall port-list, security firewall rule-list,
       security log profile, security firewall schedule, tmsh, security firewall policy, net service-policy

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or
       mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
       other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2015-2016. All rights reserved.

BIG-IP						      2017-09-06		    security firewall global-rules(1)