sys global-settings¶

sys global-settings(1) BIG-IP TMSH Manual sys global-settings(1)

NAME
global-settings - Configures the global system settings for a BIG-IP(r) system.

MODULE
sys

SYNTAX
Configure the global-settings component within the sys module using the syntax in the following sections.

MODIFY
modify global-settings
options:
aws-access-key [string]
aws-secret-key [string]
aws-api-max-concurrency [integer]
file-blacklist-path-prefix [string]
file-blacklist-read-only-path-prefix [string]
file-whitelist-path-prefix [string]
console-inactivity-timeout [integer]
custom-addr [IP address]
description [string]
failsafe-action [go-offline | reboot | restart-all |
go-offline-restart-tm | failover-restart-tm]
file-local-path-prefix [local path prefix]
gui-audit [disabled | enabled]
gui-expired-cert-alert [disabled | enabled]
gui-security-banner [disabled | enabled]
gui-security-banner-text [string]
gui-setup [disabled | enabled]
host-addr-mode [custom | management | state-mirror]
hostname [string]
hosts-allow-include [string]
lcd-display [disabled | enabled]
net-reboot [disabled | enabled]
password-prompt [string]
mgmt-dhcp [dhcpv4 | dhcpv6 | disabled | enabled]
quiet-boot [disabled | enabled]
remote-host [add | delete | replace-all-with] {
[name]... {
options:
addr [IP address]
hostname [string]
}
}
remote-host none
username-prompt [string]

edit global-settings
options:
all-properties
non-default-properties

DISPLAY
list global-settings
list global-settings [option]
show running-config global-settings
show running-config global-settings [option]
options:
all-properties
non-default-properties
one-line

DESCRIPTION
You can use the global-settings component to set up the BIG-IP system.

EXAMPLES
modify system remote-host add { bigip151 {addr 172.27.226.151 hostname bigip151.saxon.net} }

Sets up a remote host named bigip151 with an IP address of 172.27.226.151 and a hostname of
bigip151.saxon.net.

list global-settings all-properties

Displays all of the properties of the global system settings.

OPTIONS
aws-access-key
Amazon Web Services (AWS) supplied access key needed to make secure requests to AWS. The default value is
none.

aws-secret-key
Amazon Web Services (AWS) supplied secret key needed to make secure requests to AWS. The default value is
none.

aws-api-max-concurrency
Maximum concurrent connections allowed while making Amazon Web Service (AWS) api calls. The default value
is 1.

file-blacklist-path-prefix
Specifies the path prefixes that are disallowed for certain commands. The blacklist takes precedence over
the whitelist. It is used by the tmsh save/load sys config file command to disallow saving or loading
configuration. Example: The path prefix /shared/tmp/ is included both in the whitelist and blacklist.
Since, it is present in the blacklist, the configuration cannot be saved or loaded from the /shared/tmp/
location. The paths are specified in braces separated by spaces in quotes. ex: "{/shared/3dns/}
{/shared/bin/}".

file-blacklist-read-only-path-prefix
Specifies the read-only path prefixes that are disallowed for certain commands. It is used by the tmsh
save/load sys config file command to disallow saving or loading configuration. It is a read-only
attribute with value "{/etc/shadow}".

file-whitelist-path-prefix
Specifies the path prefixes that are valid for certain commands. It is used by the tmsh save/load sys
config file command for saving or loading configuration. The paths are specified in braces separated by
spaces in quotes. ex: "{/var/local/scf/} {/tmp/} {/shared/} {/config/}".

console-inactivity-timeout
Specifies the number of seconds of inactivity before the system logs off a user that is logged on. The
default value is 0 (zero), which means that no timeout is set. The valid range is 0 - 2147483647.

custom-addr
Specifies an IP address for the system. The default value is ::. The host-addr-mode option must be set to
custom in order for this setting to take effect.

description
Specifies a user defined description. The default value is no description.

failsafe-action
Specifies the action that the system takes when the switch board fails. The default value is go-offline-
restart-tm.

failover-restart-tm
Specifies that when the switch board fails the system restarts the traffic management system and
fails over to the other unit in a redundant pair.

go-offline
Specifies that when the switch board fails the system goes offline.

go-offline-restart-tm
Specifies that when the switch board fails the system goes offline and restarts the traffic
management system.

reboot
Specifies that after the active cluster fails over to its peer, it reboots while the peer processes
the traffic.

restart-all
Specifies that when the switch board fails the system restarts all system services.

file-local-path-prefix
Specifies a list of folder prefixes that can be applied for file objects. This is a space separated list
of folder prefixes, contained in curly braces. Example: "{file:///shared/}" or
"{file:///fileobjectfolder/} {/shared/}". By default the folders are "/shared/" and "/tmp/", represented
as "{/shared/} {/tmp/}".

gui-audit
Specifies whether or not system GUI log audit messages. If you disable this option, system GUI will not
log audit messages. The default value is disabled.

gui-expired-cert-alert
Specifies whether or not system GUI identify in use expired certificates and alert the user. If you
disable this option, system GUI will not monitor in use certificates. The default value is enabled.

gui-security-banner
Specifies whether the system presents on the login screen the text you specify in the gui-security-
banner-text option. If you disable this option, the system presents an empty frame in the right portion
of the login screen. The default value is enabled.

gui-security-banner-text
Specifies the text to present on the login screen when the gui-security-banner option is enabled. The
default value is Welcome to the BIG-IP Configuration Utility.

Note: To enter a carriage return in the text type Ctrl-V followed by Ctrl-J. Additionally, you must
escape special characters, such as a question mark(?), with a back slash.

gui-setup
Enables or disables the Setup utility in the browser-based Configuration utility. The default value is
enabled.

Note: When you configure a system using tmsh, disable this option. Disabling this option allows the
system administrators to use the browser-based Configuration utility without having to run the Setup
utility.

host-addr-mode
Specifies the type of host address you want to assign to the system. The default value is management. The
options are:

custom
Use this value to specify a custom IP address for the system using the custom-addr option.

management
Indicates that the host address is the management port of the system.

state-mirror
Use this value when the host address of the system is shared by the other system in a redundant
pair. In case of system failure, the traffic to the other system is routed to this system.

hostname
Specifies a local name for the system. The default value is bigip1.

hosts-allow-include
Warning: Do not use this parameter without assistance from the F5 Technical Support team. The system does
not validate the commands issued when you use the hosts-allow-include option. If you use this option
incorrectly, you put the functionality of the system at risk.

lcd-display
Enables or disables the LCD display on the front of the system. The default value is enabled.

net-reboot
Enables or disables the network reboot feature. The default value is disabled.

If you enable this feature and then reboot the system, the system boots from an ISO image on the network,
rather than from an internal media drive. Use this option only when you want to install software on the
system, for example, for an upgrade or a re-installation.

Note: An enabled value reverts to disabled after you reboot the system a second time.

password-prompt
Specifies the text to present above the password field on the system's login screen.

mgmt-dhcp
Specifies whether the system uses DHCPv4/DHCPv6 clients for acquiring the management interface IP
addresses. The option takes 4 possible values: dhcpv4, dhcpv6, disabled, enabled. dhcpv4 and dhcpv6
options only enable DHCPv4 or DHCPv6 client respectively. enabled and disabled options enable/disable
both DHCPv4 and DHCPv6 clients.

If this option is enabled, manually specified IP addresses for the management interface may be
overwritten if the network also contains a DHCP server (for the given IP protocol). If this option is
disabled, no DHCP server will be applied to the management interface, however any previously acquired
address will still be used. The default value is enabled for VE and disabled for all other platforms.
When this option is enabled, manual changes like create/delete on sys management-ip will not be allowed.
For dhcpv4/dhcpv6 values, this only applies to the management-ip entries matching the IP protocol. For
example, for dhcpv4 value, user can't manually change IPv4 management-ip but user can change IPv6
management-ip.

quiet-boot
Enables or disables the quiet boot feature. The default value is enabled. When enabled, the system
suppresses informational text on the console during the boot cycle.

remote-host
Configures a remote host in the /etc/hosts file. The default value is none. You must enter both an IP
address and a fully qualified domain name (FQDN) or alias for each host that you want to add to the file.

username-prompt
Specifies the text to present above the user name field on the system's login screen.