Additional Declarations
This section contains a number of additional example declarations you can use. Use the following index, or the links on the right, to go to a specific category of declaration.
If you want to see an example that uses all of the available BIG-IP AS3 properties, see the all properties declaration.
Important
Most of the example declarations have been updated in the documentation for BIG-IP AS3 3.20 to remove any template that was specified, and rename any virtual services that used the name serviceMain to service. In BIG-IP AS3 3.20, the generic template is the default, which allows services to use any name.
This also means that many of these declarations will fail on a version prior to 3.20 unless you add a template. See this FAQ entry and this Troubleshooting entry for more information.
Note
Some of the examples may be in multiple categories.
HTTP Services
- HTTP Services
- HTTP with custom persistence
- HTTP with no compression, BIG-IP TCP profile, iRule for pool
- HTTP with additional virtual service for corporate clients
- HTTP and HTTPS virtual services in one declaration
- Two applications sharing a pool
- Virtual server listening on multiple ports on the same address
- Using a Local Traffic Policy to forward HTTP Requests
- Enabling NAT64 in a declaration
- Configuring an HTTP profile with a Proxy Connect profile
- Configuring enforcement properties in an HTTP profile
TLS Encryption
- TLS Encryption
- Referencing an existing SSL certificate and key in the Common partition
- Using multiple SSL/TLS certificates in a single profile
- Using matchToSNI with a TLS_Server profile
- Using PKCS 12 in a declaration
- Enabling and disabling clientSSL (server SSL profile) from Endpoint policies
- HTTP and HTTPS virtual services in one declaration
- Using a client and server TLS profile in the same declaration
- Using Client Certificate Constrained Delegation (C3D) features in a declaration
- Securing client and server side LDAP traffic
- Using OCSP Certificate Validation in a declaration
- Using the staplerOCSP parameter in a certificate
- Ignoring validation of certificates when retrieving URI data
- Using TLS 1.3 and Cipher rules and groups in a declaration
- Referencing multiple SSL profiles on a single virtual service
- Configuring additional TLS options on a virtual
- Configuring explicit forward proxy settings in SSL (TLS) profiles
- Configuring a cache timeout in SSL (TLS) profiles
- Configuring an alert timeout in SSL (TLS) profiles
- Configuring a handshake timeout in SSL (TLS) profiles
- Configuring the renegotiation property on TLS classes
- Configuring the retain certificate property on TLS classes
- Excluding host names from the SSL Forward Proxy Bypass
- Using certificate names as the SSL profile name
- Disabling the mode for TLS Server certificates
- Referencing a Chain CA with a ‘use’ pointer
- Disabling SSL on TLS profiles
- Configuring Client and Server TLS properties
- Configuring advanced Client and Server TLS properties
- Specifying the SSL signature hash type
Non-HTTP Services
- Non-HTTP Services
- UDP virtual service
- TCP load-balanced to ICAP with custom monitor
- Using a FIX profile and data groups in a declaration
- Using tcpOptions in a TCP Profile
- Using existing FTP and SIP profiles in a declaration
- Creating an FTP profile in a declaration
- Creating a TFTP profile in a declaration
- Setting BBR Congestion Control in a TCP profile with AS3
- Configuring SCTP services and referencing SCTP profiles in a declaration
- Referencing existing ICAP profiles in a declaration
- Using IP or L2 Forwarding in a declaration
- Creating multiple forwarding virtual services on different ports
- Creating a stateless UDP virtual server
- Creating port and address lists for a service
Network Security
- Network Security
- Using Firewall Rules, Policies, and logging
- Using Firewall (Carrier Grade) NAT features in a declaration
- Securing SSH traffic with the SSH Proxy
- Using reject and accept-decisively actions and VLAN source in a firewall rule
- Creating Protocol Inspection profiles
- Setting Maximum Bandwidth on a virtual with AFM
- Creating an Idle Timeout policy in a declaration
- Adding logging for protocol inspection events
- Adding ports to a protocol inspection profile
- Configuring a Security Logging Profile with Bot defense
- Referencing an IP Intelligence policy in a declaration
- Using a network address list in a declaration
- Creating an ALG log profile in a declaration
- Apply AFM Policies on the Route Domains
Application Security
- Application Security
- Virtual service referencing an existing security policy
- Virtual service referencing an external security policy
- Endpoint policy with default rule to disable WAF
- Endpoint policy with SSL SNI Match conditions and HTTP action
- Using a Security log profile with Application Security
- Using Persist Actions in an Endpoint Policy
- Changing the enforcement mode of a WAF policy retrieved from a URL
- Using an Anti-Fraud (FPS) profile in a declaration
- Defining server technologies in a WAF policy
- Disabling an attack signature in a WAF policy
- Using negative string conditions in Endpoint policies
- Adding Basic Auth when retrieving a WAF policy from a URL
- Configuring the status code used during a redirect with an Endpoint policy
- Using TCP address and port conditions in an Endpoint policy
- Referencing an Advanced WAF policy in a declaration
- Embedding a WAF policy in a declaration
- Referencing an API Protection profile in a declaration
- Using Tcl set-variable actions in an Endpoint policy
- Retrieving a WAF Policy from a URL using token-based authentication
- Using the HTTP method condition in an Endpoint policy
- Using “exist” and “does not exist” string comparison operands in an Endpoint policy
- Configuring TCP Endpoint Policy Conditions in a declaration
- Using the log Endpoint Policy Rule action
- Referencing a WAF policy from a file on the BIG-IP
- Using GeoIP Conditions in an Endpoint policy
- Configuring Security Log Profile NAT settings
- Enabling and disabling a bot defense profile in an Endpoint policy
- Using expand for values in a WAF policy
- Using the httpHost condition in an Endpoint policy rule
- Using HTTP Status condition in an Endpoint policy rule
DOS Protection
Policy Enforcement
Health Monitors
- Health Monitors
- Using an LDAP monitor in a declaration
- Using a DNS monitor in a declaration
- Using an external monitor in a declaration
- Using a RADIUS monitor in a declaration
- Using an FTP monitor in a declaration
- Using certificates in an HTTPS monitor
- Creating a mySQL monitor in a declaration
- Creating an HTTP/2 monitor in a declaration
- Creating a PostgreSQL monitor in a declaration
- Using an external GSLB monitor in a declaration
- Creating TCP and UDP monitors in a declaration
- Creating an inband monitor in a declaration
Profiles
- Profiles
- Creating an HTTP Analytics profile in a declaration
- Using an Analytics profile with a Capture filter
- Using a Multiplex (OneConnect) profile in a declaration
- Using existing FTP and SIP profiles in a declaration
- Using a Traffic Log profile in a declaration
- Using a WebSocket profile in a declaration
- Using a Rewrite profile in a declaration
- Using a DoS profile in a declaration
- Using a DoS profile for Mobile Defense
- Using an HTTP Acceleration profile in a declaration
- Using a Security log profile with Application Security
- Using a Stream profile in a declaration
- Creating an FTP profile in a declaration
- Referencing existing iRules LX Profiles
- Using the HTTP/2 profile in a declaration
- Creating an RTSP profile in a declaration
- Creating a TCP Analytics profile in a declaration
- Referencing a PPTP profile in a declaration
- Configuring SCTP services and referencing SCTP profiles in a declaration
- Referencing Request and Response Adapt profiles in a declaration
- Creating Request and Response Adapt profiles in a declaration
- Referencing existing ICAP profiles in a declaration
- Creating ICAP profiles in a declaration
- Configuring an ingress HTTP/2 profile in an HTTPS service
- Configuring a FastL4 profile in a declaration
- Referencing an existing NTLM profile in a declaration
- Configuring an egress HTTP/2 profile in a declaration
- Configuring an HTML profile in a declaration
- Using a string for the route domain property in an ‘explicit’ HTTP profile
- Using a SMTPS profile in a declaration
- Configuring a Statistics profile in a declaration
- Configuring a SOCKS profile in a declaration
Service Discovery
- Service Discovery
- Changes to Service Discovery in BIG-IP AS3 3.28 and later
- Requirements for using Service Discovery
- Using Service Discovery to automatically populate a pool
- Using remote Service Discovery to automatically populate a pool with BIG-IP VE anywhere
- Using remote Service Discovery and sending the declaration to a remote BIG-IP
- Using an FQDN pool to identify pool members
- Event-Driven Service Discovery
- Service Discovery using HashiCorp Consul
- Service Discovery using HashiCorp Consul and CA Certificates
- Service Discovery using HashiCorp Consul without certificate validation
- Service Discovery for virtual servers in GSLB Servers
- Event-Driven and Static Service Discovery in one declaration
- Service Discovery using HashiCorp Consul for a specific service
- Referencing a Scale Set for Service Discovery in Azure
- Populating multiple pools with Service Discovery results
- Using Service Discovery to find Consul ports
- Using Service Discovery with the Consul Health API
- Using Managed Identities for Azure Service Discovery
- Specifying a GCE project for service discovery
- Disabling Service Discovery
- Adding a route domain to a discovered pool member
- Specifying a node name in a declaration
DNS and GSLB
- BIG-IP DNS (GTM) and GSLB
- Using BIG-IP DNS features in a declaration
- Using GSLB features in a declaration
- Creating a DNS cache in a declaration
- Service Discovery for virtual servers in GSLB Servers
- Specifying a GSLB virtual server name in a declaration
- Creating a GSLB pool
- Using the depends-on property in GSLB pools
- Referencing a virtual server in a GSLB pool with a use pointer
Miscellaneous Declarations
- Miscellaneous declarations
- Using PATCH to add a new Application to a Tenant
- Using the Service_Generic class
- Using Metadata in a declaration
- Virtual service allowing only specific VLANs
- Advertising a route for a Service Address
- Using Clone Pools in a declaration
- Sending multiple declarations in a single request (BIG-IQ)
- Using Splunk as a log destination
- Using shareNodes to reuse nodes across tenants
- Using the include property to reference one section of a declaration in another section
- Using both a source and destination address for a virtual service
- Creating an internal virtual service
- Configuring virtual address settings while using Source address filtering
- Referencing pools and iRules in a declaration
- Using the userAgent Controls property
- Using traceResponse to enable traces in AS3 responses
- Configuring management port log destinations
- Sharing IP addresses between virtual servers
- Configuring serviceDownImmediateAction on a virtual
- Using the /settings endpoint
- Configuring a SNAT pool
- Using an FQDN prefix for BIG-IP nodes
- Enabling a MQTT profile on a TCP service in a declaration
- Retrieving data from URLs that use token-based authentication
- Referencing an iFile in an iRule declaration
- Enabling or disabling NAT and SNAT on a pool
- Using dry-run as an ADC Controls object
- Using the tag-append-html HTML rule in a declaration
- Adding a route domain to a static pool member
- Using HTML rules in a declaration
- Using ignoreChanges on resources referenced by URL
- Skipping a certificate check when referencing data groups from external URLs
- Referencing a data group from an external URL with token authentication
- Using adminState to disable a virtual, but leave the configuration
- Adding metadata to pools and pool members