Appendix B: Additional Declarations

This section contains a number of additional example declarations you can use. The numbering of these examples continues from the Examples section. Use the links on the left to go directly to a specific example.

If you want to see an example that uses all of available AS3 properties, see the all properties declaration.

Note

Some of the examples may be in multiple categories.

HTTP Services

• HTTP Services
  • 1: HTTP with custom persistence
  • 2: HTTP with no compression, BIG-IP TCP profile, iRule for pool
  • 3: HTTP with additional virtual service for corporate clients
  • 4: HTTP and HTTPS virtual services in one declaration
  • 5: Two applications sharing a pool
  • 6: One tenant with three applications
  • 6a: Single application with multiple services
  • 7: Virtual server listening on multiple ports on the same address
  • 8: Using a Local Traffic Policy to forward HTTP Requests

TLS Encryption

• TLS Encryption
  • 1: Referencing an existing SSL certificate and key in the Common partition
  • 2: Using multiple SSL/TLS certificates in a single profile
  • 3: Using matchToSNI with a TLS_Server profile
  • 4: Using PKCS 12 in a declaration
  • 5: Enabling and disabling Server SSL from Endpoint policies
  • 6: HTTP and HTTPS virtual services in one declaration
  • 7: Using a client and server TLS profile in the same declaration
  • 8: Using Client Certificate Constrained Delegation (C3D) features in a declaration
  • 9: Securing client and server side LDAP traffic
  • 10: Using OCSP Certificate Validation in a declaration
  • 11: Using the staplerOCSP parameter in a certificate

Non-HTTP Services

• Non-HTTP Services
  • 1: UDP virtual service
  • 2: TCP load-balanced to ICAP with custom monitor
  • 3: Using BIG-IP DNS features in a declaration
  • 4: Using a FIX profile and data groups in a declaration
  • 5: Using tcpOptions in a TCP Profile
  • 6: Using GSLB features in a declaration
  • 7: Service Discovery for virtual servers in GSLB Servers
  • 8: Creating a DNS cache in a declaration

Network Security

• Network Security
  • 1: Using Firewall Rules, Policies, and logging
  • 2: Using Firewall (Carrier Grade) NAT features in a declaration
  • 3: Securing SSH traffic with the SSH Proxy
  • 4: Using reject and accept-decisively actions in a firewall rule

Application Security

• Application Security
  • 1: Virtual service referencing an existing security policy
  • 2: Virtual service referencing an external security policy
  • 3: Endpoint policy with default rule to disable WAF
  • 4: Endpoint policy with SSL SNI Match conditions and HTTP action
  • 5: Using a Security log profile with Application Security
  • 6: Using Persist Actions in an Endpoint Policy
  • 7: Changing the enforcement mode of a WAF policy retrieved from a URL

DOS Protection

• Denial of Service
  • 1: Using a DoS profile in a declaration
  • 2: Using a DoS profile for Mobile Defense
  • 3: Using Accelerated Signatures and TLS Signatures in a DOS profile

Policy Enforcement

• Policy Enforcement
  • 1: Using BIG-IP PEM in a declaration

Health Monitors

• Health Monitors
  • 1: Using an LDAP monitor in a declaration
  • 2: Using a DNS monitor in a declaration
  • 3: Using an external monitor in a declaration
  • 4: Using a RADIUS monitor in a declaration
  • 4: Using an FTP monitor in a declaration
  • 5: Using certificates in an HTTPS monitor

Profiles

• Profiles
  • 1: Using an Analytics profile in a declaration
  • 2: Using an Analytics profile with a Capture filter
  • 3: Using a Multiplex (OneConnect) profile in a declaration
  • 4: Using existing FTP and SIP profiles in a declaration
  • 5: Using a Traffic Log profile in a declaration
  • 6: Using a WebSocket profile in a declaration
  • 7: Using a Rewrite profile in a declaration
  • 8: Using a DoS profile in a declaration
  • 9: Using a DoS profile for Mobile Defense
  • 10: Using a HTTP Acceleration profile in a declaration
  • 11: Using a Security log profile with Application Security
  • 12: Using a Stream profile in a declaration
  • 13: Creating an FTP profile in a declaration
  • 14: Referencing existing iRules LX Profiles
  • 15: Using the HTTP/2 profile in a declaration

Service Discovery

• Service Discovery
  • 1: Using Service Discovery to automatically populate a pool
  • 2: Using remote Service Discovery to automatically populate a pool with BIG-IP VE anywhere
  • 3: Using remote Service Discovery and sending the declaration to a remote BIG-IP
  • 4: Using an FQDN pool to identify pool members
  • 5: Event-Driven Service Discovery
  • 6: Service Discovery using HashiCorp Consul
  • 7: Service Discovery using HashiCorp Consul and CA Certificates
  • 8: Service Discovery using HashiCorp Consul without certificate validation
  • 9: Service Discovery for virtual servers in GSLB Servers

Miscellaneous Declarations

• Miscellaneous declarations
  • 1: Using PATCH to add a new Application to a Tenant
  • 2: Using the Service_Generic class
  • 3: Using Metadata in a declaration
  • 4: Virtual service allowing only specific VLANs
  • 5: Advertising a route for a Service Address
  • 6: Using Clone Pools in a declaration
  • 7: Sending multiple declarations in a single request (container)
  • 8: Sending multiple declarations in a single request (BIG-IQ)
  • 9: Using Splunk as a log destination
  • 10: Using shareNodes to reuse nodes across tenants
  • 11: Using the include property to reference one section of a declaration in another section

All AS3 Properties

• Declaration using all AS3 Properties