Appendix B: Additional Declarations
This section contains a number of additional example declarations you can use. Use the following index, or the links on the right, to go to a specific category of declaration.
If you want to see an example that uses all of the available AS3 properties, see the all properties declaration.
Important
Most of the example declarations have been updated in the documentation for AS3 3.20 to remove any template that was specified, and rename any virtual services that used the name serviceMain to service. In AS3 3.20, the generic template is the default, which allows services to use any name.
This also means that if you use many of these declarations on a version prior to 3.20, they will fail unless you add a template. See this FAQ entry and this Troubleshooting entry for more information.
Note
Some of the examples may be in multiple categories.
HTTP Services
- HTTP Services
- HTTP with custom persistence
- HTTP with no compression, BIG-IP TCP profile, iRule for pool
- HTTP with additional virtual service for corporate clients
- HTTP and HTTPS virtual services in one declaration
- Two applications sharing a pool
- Virtual server listening on multiple ports on the same address
- Using a Local Traffic Policy to forward HTTP Requests
- Enabling NAT64 in a declaration
TLS Encryption
- TLS Encryption
- Referencing an existing SSL certificate and key in the Common partition
- Using multiple SSL/TLS certificates in a single profile
- Using matchToSNI with a TLS_Server profile
- Using PKCS 12 in a declaration
- Enabling and disabling clientSSL (server SSL profile) from Endpoint policies
- HTTP and HTTPS virtual services in one declaration
- Using a client and server TLS profile in the same declaration
- Using Client Certificate Constrained Delegation (C3D) features in a declaration
- Securing client and server side LDAP traffic
- Using OCSP Certificate Validation in a declaration
- Using the staplerOCSP parameter in a certificate
- Ignoring validation of certificates when retrieving URI data
- Using TLS 1.3 and Cipher rules and groups in a declaration
- Referencing multiple SSL profiles on a single virtual service
- Configuring additional TLS options on a virtual
- Configuring explicit forward proxy settings in SSL (TLS) profiles
- Configuring a cache timeout in SSL (TLS) profiles
- Configuring an alert timeout in SSL (TLS) profiles
- Configuring the renegotiation property on TLS classes
- Configuring the retain certificate property on TLS classes
Non-HTTP Services
- Non-HTTP Services
- UDP virtual service
- TCP load-balanced to ICAP with custom monitor
- Using a FIX profile and data groups in a declaration
- Using tcpOptions in a TCP Profile
- Using existing FTP and SIP profiles in a declaration
- Creating an FTP profile in a declaration
- Using an existing TFTP profile in a declaration
- Setting BBR Congestion Control in a TCP profile with AS3
- Configuring SCTP services and referencing SCTP profiles in a declaration
- Referencing existing ICAP profiles in a declaration
- Using IP or L2 Forwarding in a declaration
- Creating multiple forwarding virtual services on different ports
Network Security
- Network Security
- Using Firewall Rules, Policies, and logging
- Using Firewall (Carrier Grade) NAT features in a declaration
- Securing SSH traffic with the SSH Proxy
- Using reject and accept-decisively actions and VLAN source in a firewall rule
- Creating Protocol Inspection profiles
- Setting Maximum Bandwidth on a virtual with AFM
- Creating an Idle Timeout policy in a declaration
- Adding logging for protocol inspection events
- Adding ports to a protocol inspection profile
- Configuring a Security Logging Profile with Bot defense
Application Security
- Application Security
- Virtual service referencing an existing security policy
- Virtual service referencing an external security policy
- Endpoint policy with default rule to disable WAF
- Endpoint policy with SSL SNI Match conditions and HTTP action
- Using a Security log profile with Application Security
- Using Persist Actions in an Endpoint Policy
- Changing the enforcement mode of a WAF policy retrieved from a URL
- Using an Anti-Fraud (FPS) profile in a declaration
- Defining server technologies in a WAF policy
- Disabling an attack signature in a WAF policy
- Using negative string conditions in Endpoint policies
- Adding Basic Auth when retrieving a WAF policy from a URL
- Configuring the status code used during a redirect with an endpoint policy
- Using TCP address and port conditions in an endpoint policy
- Referencing an Advanced WAF policy in a declaration
- Embedding a WAF policy in a declaration
- Referencing an API Protection profile in a declaration
DOS Protection
Policy Enforcement
Health Monitors
- Health Monitors
- Using an LDAP monitor in a declaration
- Using a DNS monitor in a declaration
- Using an external monitor in a declaration
- Using a RADIUS monitor in a declaration
- Using an FTP monitor in a declaration
- Using certificates in an HTTPS monitor
- Creating a mySQL monitor in a declaration
- Creating an HTTP/2 monitor in a declaration
Profiles
- Profiles
- Creating an HTTP Analytics profile in a declaration
- Using an Analytics profile with a Capture filter
- Using a Multiplex (OneConnect) profile in a declaration
- Using existing FTP and SIP profiles in a declaration
- Using a Traffic Log profile in a declaration
- Using a WebSocket profile in a declaration
- Using a Rewrite profile in a declaration
- Using a DoS profile in a declaration
- Using a DoS profile for Mobile Defense
- Using a HTTP Acceleration profile in a declaration
- Using a Security log profile with Application Security
- Using a Stream profile in a declaration
- Creating an FTP profile in a declaration
- Referencing existing iRules LX Profiles
- Using the HTTP/2 profile in a declaration
- Referencing an existing RTSP profile in a declaration
- Creating a TCP Analytics profile in a declaration
- Referencing a PPTP profile in a declaration
- Configuring SCTP services and referencing SCTP profiles in a declaration
- Referencing Request and Response Adapt profiles in a declaration
- Creating Request and Response Adapt profiles in a declaration
- Referencing existing ICAP profiles in a declaration
- Creating ICAP profiles in a declaration
- Configuring an ingress HTTP/2 profile in an HTTPS service
- Configuring a Fast L4 profile in a declaration
- Referencing an existing NTLM profile in a declaration
- Configuring an egress HTTP/2 profile in a declaration
Service Discovery
- Service Discovery
- Requirements for using Service Discovery
- Using Service Discovery to automatically populate a pool
- Using remote Service Discovery to automatically populate a pool with BIG-IP VE anywhere
- Using remote Service Discovery and sending the declaration to a remote BIG-IP
- Using an FQDN pool to identify pool members
- Event-Driven Service Discovery
- Service Discovery using HashiCorp Consul
- Service Discovery using HashiCorp Consul and CA Certificates
- Service Discovery using HashiCorp Consul without certificate validation
- Service Discovery for virtual servers in GSLB Servers
- Event-Driven and Static Service Discovery in one declaration
- Service Discovery using HashiCorp Consul for a specific service
- Referencing a Scale Set for Service Discovery in Azure
- Populating multiple pools with Service Discovery results
- Using Service Discovery to find Consul ports
- Using Service Discovery with the Consul Health API
- Using Managed Identities for Azure Service Discovery
DNS and GSLB
- BIG-IP DNS (GTM) and GSLB
- Using BIG-IP DNS features in a declaration
- Using GSLB features in a declaration
- Creating a DNS cache in a declaration
- Service Discovery for virtual servers in GSLB Servers
- Specifying a GSLB virtual server name in a declaration
- Creating a GSLB pool
- Using the depends-on property in GSLB pools
Miscellaneous Declarations
- Miscellaneous declarations
- Using PATCH to add a new Application to a Tenant
- Using the Service_Generic class
- Using Metadata in a declaration
- Virtual service allowing only specific VLANs
- Advertising a route for a Service Address
- Using Clone Pools in a declaration
- Sending multiple declarations in a single request (container)
- Sending multiple declarations in a single request (BIG-IQ)
- Using Splunk as a log destination
- Using shareNodes to reuse nodes across tenants
- Using the include property to reference one section of a declaration in another section
- Using both a source and destination address for a virtual service
- Creating an internal virtual service
- Configuring virtual address settings while using Source address filtering
- Referencing pools and iRules in a declaration
- Using the userAgent Controls property
- Using traceResponse to enable traces in AS3 responses
- Configuring management port log destinations
- Sharing IP addresses between virtual servers
- Configuring serviceDownImmediateAction on a virtual
- Using the /settings endpoint
- Configuring a SNAT pool
- Using an FQDN prefix for BIG-IP nodes