Common ()

Basic_Auth (object)

Describes the basic authentication to access a resource

Properties (* = required):

name type(s) default allowed values description
method* string   “basic” Specifies the authentication method
passphrase* object     Specifies the password for authentication,A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL
username* string     Specifies the user name for authentication

Basic_Auth.passphrase (object)

Specifies the password for authentication A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

Properties (* = required):

name type(s) default allowed values description
/*/        
allowReuse boolean   true, false If true, other declaration objects may reuse this value
reuseFrom string     BIG-IP AS3 pointer to another JWE cryptogram in this declaration to copy
url       URL from which secret should be fetched,Describes the URL to remote resource and optional parameters

Basic_Persist ()

Holds name of simple persistence method or BIG-IP AS3 pointer to persistence method

Bearer_Token (object)

Describes using a bearer token to access a resource

Properties (* = required):

name type(s) default allowed values description
method* string   “bearer-token” Specifies the authentication method
token*       Specifies the bearer token

Clone_Pools (object)

Specifies a pool that the virtual server uses to replicate either client or server traffic

Properties (* = required):

name type(s) default allowed values description
egress object     Egress (server-side context) clone pool,Reference to a pool
ingress object     Ingress (client-side context) clone pool,Reference to a pool

Clone_Pools.egress (object)

Egress (server-side context) clone pool Reference to a pool

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP pool
use string     AS3 pointer to pool declaration

Clone_Pools.ingress (object)

Ingress (client-side context) clone pool Reference to a pool

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP pool
use string     AS3 pointer to pool declaration

F5base64 (string)

Slightly over-matches both base64-orig and base64-url data

Allowed values: “^([0-9A-Za-z/+_-]*|[0-9A-Za-z/+_-]+={1,2})$”

F5string ()

String value optionally in base64 or from URL or BIG-IP AS3 pointer

Firewall_Rule (object)

Declares a network firewall rule.

Properties (* = required):

name type(s) default allowed values description
action* string   “accept”, “drop”, “accept-decisively”, “reject” Specifies the action that the firewall rule will take on matching packets.
destination object     Declares the packet destinations to which the network firewall rule applies.
iRule object     Specifies the name of the iRule (by BIG-IP AS3 pointer or BIG-IP pathname) that the system will trigger when a packet matches the firewall rule.
iRuleSampleRate integer   -∞ - -Infinity Specifies the rate at which the system will trigger the specified iRule when a packet matches this firewall rule. The default value is 1 and causes the system to trigger the iRule for every packet that matches. A value of 0 disables iRule triggering.
label string   “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
loggingEnabled boolean false true, false Specifies whether the system enables or disables logging for the firewall rule.
name* string     The name of the firewall rule.
protocol string “any” “3pc”, “a/n”, “ah”, “any”, “argus”, “aris”, “ax.25”, “bbn-rcc”, “bna”, “br-sat-mon”, “cbt”, “cftp”, “chaos”, “compaq-peer”, “cphb”, “cpnx”, “crdup”, “crtp”, “dccp”, “dcn”, “ddp”, “ddx”, “dgp”, “dsr”, “egp”, “eigrp”, “emcon”, “encap”, “esp”, “etherip”, “fc”, “fire”, “ggp”, “gmtp”, “gre”, “hip”, “hmp”, “hopopt”, “i-nlsp”, “iatp”, “icmp”, “idpr”, “idpr-cmtp”, “idrp”, “ifmp”, “igmp”, “igp”, “il”, “ip”, “ipcomp”, “ipcv”, “ipip”, “iplt”, “ippc”, “ipv4”, “ipv6”, “ipv6-auth”, “ipv6-crypt”, “ipv6-frag”, “ipv6-icmp”, “ipv6-nonxt”, “ipv6-opts”, “ipv6-route”, “ipx-in-ip”, “irtp”, “isis”, “iso-ip”, “iso-tp4”, “kryptolan”, “l2tp”, “larp”, “leaf-1”, “leaf-2”, “manet”, “merit-inp”, “mfe-nsp”, “micp”, “mobile”, “mobility-header”, “mpls-in-ip”, “mtp”, “mux”, “narp”, “netblt”, “nsfnet-igp”, “nvp”, “ospf”, “pgm”, “pim”, “pipe”, “pnni”, “prm”, “ptp”, “pup”, “pvp”, “qnx”, “rdp”, “rohc”, “rsvp”, “rsvp-e2e-ignore”, “rvd”, “sat-expak”, “sat-mon”, “scc-sp”, “scps”, “sctp”, “sdrp”, “secure-vmtp”, “shim6”, “skip”, “sm”, “smp”, “snp”, “sprite-rpc”, “sps”, “srp”, “sscopmce”, “st”, “stp”, “sun-nd”, “swipe”, “tcf”, “tcp”, “tlsp”, “tp++”, “trunk-1”, “trunk-2”, “ttp”, “udp”, “udplite”, “uti”, “vines”, “visa”, “vmtp”, “vrrp”, “wb-expak”, “wb-mon”, “wesp”, “wsn”, “xnet”, “xns-idp”, “xtp” Specifies the protocol to which the firewall rule applies
remark string   “^[^x00-x1fx22x5cx7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
source object     Declares the packet sources to which the network firewall rule applies.

Firewall_Rule.destination (object)

Declares the packet destinations to which the network firewall rule applies.

Properties (* = required):

name type(s) default allowed values description
addressLists array     A list of address lists (each by BIG-IP AS3 pointer or BIG-IP pathname).
portLists array     A list of port lists (each by BIG-IP AS3 pointer or BIG-IP pathname).

Firewall_Rule.iRule (object)

Specifies the name of the iRule (by BIG-IP AS3 pointer or BIG-IP pathname) that the system will trigger when a packet matches the firewall rule.

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP iRule
use string     BIG-IP AS3 pointer to iRule declaration

Firewall_Rule.source (object)

Declares the packet sources to which the network firewall rule applies.

Properties (* = required):

name type(s) default allowed values description
addressLists array     A list of address lists (each by BIG-IP AS3 pointer or BIG-IP pathname).
portLists array     A list of port lists (each by BIG-IP AS3 pointer or BIG-IP pathname).
vlans array     A list of VLANs by BIG-IP pathname

Firewall_Rule_Destination (object)

Declares the packet destinations to which the network firewall rule applies.

Properties (* = required):

name type(s) default allowed values description
addressLists array     A list of address lists (each by BIG-IP AS3 pointer or BIG-IP pathname).
portLists array     A list of port lists (each by BIG-IP AS3 pointer or BIG-IP pathname).

Firewall_Rule_Source (object)

Declares the packet sources to which the network firewall rule applies.

Properties (* = required):

name type(s) default allowed values description
addressLists array     A list of address lists (each by BIG-IP AS3 pointer or BIG-IP pathname).
portLists array     A list of port lists (each by BIG-IP AS3 pointer or BIG-IP pathname).
vlans array     A list of VLANs by BIG-IP pathname

GSLB_Topology_Condition (object)

Properties (* = required):

name type(s) default allowed values description
/*/        
matchOperator string “equals” “equals”, “not-equals” Specifies the operation to perform a match. Default value is equals (matches)
matchType* string   “continent”, “country”, “datacenter”, “geoip-isp”, “isp”, “pool”, “region”, “state”, “subnet” Specifies the type/category of match to perform
matchValue* string, object     Specifies the value to match

GSLB_Topology_Condition.matchValue (string, object)

Specifies the value to match

Include (object)

Defines inclusion of one part of the schema into another

Properties (* = required):

name type(s) default allowed values description
/*/        
include       Keyword to allow for inclusion of one part of the declaration into another

iRule_Core ()

Reference to an iRule or text of an iRule String value optionally in base64 or from URL or BIG-IP AS3 pointer

JWE (object)

A value in a cryptogram which is a Flattened JWE JSON Serialization object. If ‘miniJWE’ is true then enc=(none|f5sv) only (in JOSE header)

Properties (* = required):

name type(s) default allowed values description
/*/        
ciphertext string   “^([0-9A-Za-z/+_-]*|[0-9A-Za-z/+_-]+={1,2})$” Put base64url(data_value) here,Slightly over-matches both base64-orig and base64-url data
ignoreChanges boolean false true, false If false (default), the system updates the ciphertext in every BIG-IP AS3 declaration deployment. If true, BIG-IP AS3 creates the ciphertext on first deployment, and leaves it untouched afterwards
miniJWE boolean true true, false If true (default), object is an f5 mini-JWE
protected* string “eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0” “^([0-9A-Za-z/+_-]*|[0-9A-Za-z/+_-]+={1,2})$” JOSE header: alg=dir, enc=(none|f5sv); default enc=none (encoded default is ‘protected’=’eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0’, use with secret simply base64url-encoded into ‘ciphertext’). If you see ‘protected’=’eyJhbGciOiJkaXIiLCJlbmMiOiJmNXN2In0’, ‘ciphertext’ contains base64url-encoded SecureVault cryptogram,Slightly over-matches both base64-orig and base64-url data

Label (string)

Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML

Allowed values: “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$”

Metadata (object)

Useful datapoints for tracking, tagging, and organizing declarations.

Properties (* = required):

name type(s) default allowed values description
/*/ object      

Metadata./*/ (object)

Properties (* = required):

name type(s) default allowed values description
persist boolean true true, false  
value* string      

Remark (string)

Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks

Allowed values: “^[^x00-x1fx22x5cx7f]*$”

Resource_URL ()

Describes the URL to remote resource and optional parameters

Secret (object)

A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

Properties (* = required):

name type(s) default allowed values description
/*/        
allowReuse boolean   true, false If true, other declaration objects may reuse this value
reuseFrom string     BIG-IP AS3 pointer to another JWE cryptogram in this declaration to copy
url       URL from which secret should be fetched,Describes the URL to remote resource and optional parameters

Secret_Resource_URL ()

Describes the URL to remote resource and optional parameters

Service_Core (object)

Core attributes of a virtual server Defines inclusion of one part of the schema into another

Properties (* = required):

name type(s) default allowed values description
/*/        
addressStatus boolean true true, false Specifies whether the virtual server will contribute to the operational status of the associated virtual address
adminState string “enable” “enable”, “disable” Specifies the state of the Service. When set to disable the Service no longer accepts new connection requests, but will allow current connections to finish processing before going to a down state.
allowVlans array     Names of existing VLANs to add to this virtual server to allow.
clonePools object     Specifies a pool that the virtual server uses to replicate either client or server traffic
enable boolean true true, false Virtual server handles traffic only when enabled (default)
fallbackPersistenceMethod       Holds name of simple persistence method or BIG-IP AS3 pointer to persistence method
httpMrfRoutingEnabled boolean false true, false Specifies whether to use the HTTP message routing framework (MRF) functionality. This property is available on BIGIP 14.1 and above.
include       Keyword to allow for inclusion of one part of the declaration into another
ipIntelligencePolicy object     Reference to a IP Intelligence Policy
iRules array     List iRules for this virtual server (order is significant)
label string   “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
lastHop   “default”   Name of built-in last-hop method or BIG-IP AS3 pointer to last-hop pool (default ‘default’ means use system setting)
maxConnections integer 0 0 - ∞ Specifies the maximum number of concurrent connections you want to allow for the virtual server
maximumBandwidth       Specifies the maximum bandwidth allowed, in Mbps.
metadata object     Useful datapoints for tracking, tagging, and organizing declarations.
mirroring string “none” “none”, “L4” Controls connection-mirroring for high-availability
nat64Enabled boolean false true, false If true, translate IPv6 traffic into IPv4 (default false)
persistenceMethods array     List of persistence methods (each by name or BIG-IP AS3 pointer). Element 0 is primary (default) persistence method. Use ‘persistenceMethods: []’ for no persistence.
policyBandwidthControl object     BIG-IP AS3 pointer to Bandwidth Control Policy (policy must be static),Reference to a bandwidth control policy
policyFirewallEnforced object     Reference to a firewall (AFM) policy
policyFirewallStaged object     Reference to a firewall (AFM) policy
policyIdleTimeout object     Reference to a idle timeout policy
policyNAT object     BIG-IP AS3 pointer to NAT policy declaration
pool       BIG-IP AS3 pointer to pool if any (declared separately)
profileClassification object     Reference to a classification profile
profileDiameterEndpoint object     Reference to a enforcement profile diameter endpoint
profileDNS object     Reference to a DNS profile
profileEnforcement object     Reference to a enforcement profile
profileIntegratedBotDefense object     BIG-IP AS3 pointer to an Integrated Bot Defense Profile. These are only supported in tmos version 17.0+.,Reference to a Integrated Bot Defense Profile
profileIPOther object     Reference to a ipother profile
profileProtocolInspection object     BIG-IP AS3 pointer to Protocol Inspection Profile declaration,Reference to a Protocol Inspection Profile
profileRewrite object     Reference to a Rewrite Profile
profileSubscriberManagement object     Reference to a enforcement subscriber management profile
profileTrafficLog object     Reference to a traffic log profile
rateLimit integer 0 0 - ∞ Specifies the maximum number of connections per second allowed for a virtual server
rejectVlans array     Names of existing VLANs to add to this virtual server to reject.
remark string   “^[^x00-x1fx22x5cx7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
securityLogProfiles array     Specifies the log profile applied to the virtual server
serviceDownImmediateAction string “none” “none”, “drop”, “reset” Specifies the immediate action the BIG-IP system should respond with upon the receipt of the initial client’s SYN packet if the availability status of the virtual server is Offline or Unavailable. This is supported for the virtual server of Standard type and TCP protocol. The default value is none.
shareAddresses boolean false true, false A user set boolean that indicates whether the virtualAddresses should be added to or checked for /Common instead of the tenant. This value defaults to false, and so will put the virtualAddresses into their tenant.
snat   “auto”   Name of built-in SNAT method or BIG-IP AS3 pointer to SNAT pool. If ‘self’, the system uses the virtual-server address as SNAT address
sourceAddress string   “f5ip” formatted string Accept connections only from these subnet(s). Only allowed if virtualType is internal, otherwise use virtualAddresses.
translateClientPort boolean, string false true, false If true, hide client’s port number from server. A value of true is the same as the string ‘change’ while a value of false is the same as the string ‘preserve’. The value ‘preserve-strict’ is the only other allowed value for a string
translateServerAddress boolean true true, false If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)
translateServerPort boolean true true, false If true (default), make server-side connection to server port (otherwise, connect to server on virtual-server port)
virtualAddresses array     Virtual server will listen to each IP address in list. To accept connections only from certain subnet(s), replace IP address with array [IP-address, accept-from-subnet]. IP address can also be replaced by a reference to a Service_Address.

Service_Core.clonePools (object)

Specifies a pool that the virtual server uses to replicate either client or server traffic

Properties (* = required):

name type(s) default allowed values description
egress object     Egress (server-side context) clone pool,Reference to a pool
ingress object     Ingress (client-side context) clone pool,Reference to a pool

Service_Core.clonePools.egress (object)

Egress (server-side context) clone pool Reference to a pool

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP pool
use string     AS3 pointer to pool declaration

Service_Core.clonePools.ingress (object)

Ingress (client-side context) clone pool Reference to a pool

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP pool
use string     AS3 pointer to pool declaration

Service_Core.ipIntelligencePolicy (object)

Reference to a IP Intelligence Policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP IP Intelligence Policy

Service_Core.metadata (object)

Useful datapoints for tracking, tagging, and organizing declarations.

Properties (* = required):

name type(s) default allowed values description
/*/ object      

Service_Core.metadata./*/ (object)

Properties (* = required):

name type(s) default allowed values description
persist boolean true true, false  
value* string      

Service_Core.policyBandwidthControl (object)

BIG-IP AS3 pointer to Bandwidth Control Policy (policy must be static) Reference to a bandwidth control policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP bandwidth control policy
use string     AS3 pointer to bandwidth control policy declaration

Service_Core.policyFirewallEnforced (object)

Reference to a firewall (AFM) policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP firewall (AFM) policy
use string     AS3 pointer to firewall (AFM) policy declaration

Service_Core.policyFirewallStaged (object)

Reference to a firewall (AFM) policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP firewall (AFM) policy
use string     AS3 pointer to firewall (AFM) policy declaration

Service_Core.policyIdleTimeout (object)

Reference to a idle timeout policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP idle timeout policy
use string     AS3 pointer to idle timeout policy declaration

Service_Core.policyNAT (object)

BIG-IP AS3 pointer to NAT policy declaration

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP NAT policy
use string     BIG-IP AS3 pointer to NAT policy declaration

Service_Core.profileClassification (object)

Reference to a classification profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP classification profile
use string     AS3 pointer to classification profile declaration

Service_Core.profileDiameterEndpoint (object)

Reference to a enforcement profile diameter endpoint

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP enforcement profile diameter endpoint
use string     AS3 pointer to enforcement profile diameter endpoint declaration

Service_Core.profileDNS (object)

Reference to a DNS profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP DNS profile
use string     AS3 pointer to DNS profile declaration

Service_Core.profileEnforcement (object)

Reference to a enforcement profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP PEM spm policy
use string     AS3 pointer to enforcement profile declaration

Service_Core.profileIntegratedBotDefense (object)

BIG-IP AS3 pointer to an Integrated Bot Defense Profile. These are only supported in tmos version 17.0+. Reference to a Integrated Bot Defense Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Integrated Bot Defense Profile

Service_Core.profileIPOther (object)

Reference to a ipother profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP ipother profile
use string     AS3 pointer to ipother profile declaration

Service_Core.profileProtocolInspection (object)

BIG-IP AS3 pointer to Protocol Inspection Profile declaration Reference to a Protocol Inspection Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Protocol Inspection Profile
use string     AS3 pointer to Protocol Inspection Profile declaration

Service_Core.profileRewrite (object)

Reference to a Rewrite Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Rewrite Profile
use string     AS3 pointer to Rewrite Profile declaration

Service_Core.profileSubscriberManagement (object)

Reference to a enforcement subscriber management profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP PEM subscriber-mgmt policy
use string     AS3 pointer to enforcement subscriber management profile declaration

Service_Core.profileTrafficLog (object)

Reference to a traffic log profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Request Logging Profile
use string     AS3 pointer to traffic log profile declaration

Service_Discovery_AWS (object)

Service Discovery properties for Amazon Web Services (AWS)

Properties (* = required):

name type(s) default allowed values description
/*/        
accessKeyId string     Information for discovering AWS nodes that are not in the same region as your BIG-IP (also requires the secretAccessKey field
addressRealm string “private” “public”, “private” Specifies whether to look for public or private IP addresses
credentialUpdate boolean false true, false Specifies whether you are updating your credentials
externalId string     External Id
region* string “”   Empty string (default) means region in which ADC is running
roleARN string     Assume a role (also requires the externalId field)
secretAccessKey       Will be stored in the declaration as an encrypted string
tagKey* string     The tag key associated with the node to add to this pool
tagValue* string     The tag value associated with the node to add to this pool
undetectableAction string “remove” “disable”, “remove” Action to take when node cannot be detected

Service_Discovery_Azure (object)

Service Discovery properties for Azure

Properties (* = required):

name type(s) default allowed values description
/*/        
addressRealm string “private” “public”, “private” Specifies whether to look for public or private IP addresses
apiAccessKey       Azure registered application API access key (AKA service principal secret). Will be stored in the declaration in an encrypted format.
applicationId string     Azure registered application ID (AKA client ID)
credentialUpdate boolean false true, false Specifies whether you are updating your credentials
directoryId string     Azure Active Directory ID (AKA tenant ID)
environment string “Azure”   Azure environment name. Required if environment should not be determined by instance metadata.
resourceGroup* string     Azure Resource Group name
resourceId string     ID of resource to find nodes by.
resourceType string   “tag”, “scaleSet” Type of resource identified by resourceId. This can be used in place of tagKey/tagValue.
subscriptionId* string     Azure subscription ID
tagKey string     The tag key associated with the node to add to this pool
tagValue string     The tag value associated with the node to add to this pool
undetectableAction string “remove” “disable”, “remove” Action to take when node cannot be detected
useManagedIdentity boolean false true, false Use Azure managed identity rather than directoryId, applicationId, and apiAccessKey

Service_Discovery_Consul (object)

Service Discovery properties for Consul

Properties (* = required):

name type(s) default allowed values description
/*/        
addressRealm string “private” “public”, “private” Specifies whether to look for public or private IP addresses
credentialUpdate boolean false true, false Specifies whether you are updating your credentials
encodedToken       Base 64 encoded bearer token to make requests to the Consul API. Will be stored in the declaration in an encrypted format.
jmesPathQuery string     Custom JMESPath Query
rejectUnauthorized boolean true true, false If true, the server certificate is verified against the list of supplied/default CAs when making requests to the Consul API.
trustCA object     CA Bundle to validate server certificates,Reference to a Ca Bundle
undetectableAction string “remove” “disable”, “remove” Action to take when node cannot be detected
uri* string     The location of the node data

Service_Discovery_Consul.trustCA (object)

CA Bundle to validate server certificates Reference to a Ca Bundle

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Ca Bundle
use string     AS3 pointer to Ca Bundle declaration

Service_Discovery_GCE (object)

Service Discovery properties for Google Compute Engine (GCE)

Properties (* = required):

name type(s) default allowed values description
/*/        
addressRealm string “private” “public”, “private” Specifies whether to look for public or private IP addresses
credentialUpdate boolean false true, false Specifies whether you are updating your credentials
encodedCredentials       Base 64 encoded service account credentials JSON
projectId string     For Google Cloud Engine (GCE) only: The ID of the project in which the members are located
region* string     Empty string (default) means region in which ADC is running
tagKey* string     The tag key associated with the node to add to this pool
tagValue* string     The tag value associated with the node to add to this pool
undetectableAction string “remove” “disable”, “remove” Action to take when node cannot be detected

Service_Discovery_Polling_Core (object)

Properties (* = required):

name type(s) default allowed values description
/*/        
addressRealm string “private” “public”, “private” Specifies whether to look for public or private IP addresses
credentialUpdate boolean false true, false Specifies whether you are updating your credentials
undetectableAction string “remove” “disable”, “remove” Action to take when node cannot be detected

Service_Discovery_Polling_Core_Tagged (object)

Properties (* = required):

name type(s) default allowed values description
/*/        
addressRealm string “private” “public”, “private” Specifies whether to look for public or private IP addresses
credentialUpdate boolean false true, false Specifies whether you are updating your credentials
tagKey string     The tag key associated with the node to add to this pool
tagValue string     The tag value associated with the node to add to this pool
undetectableAction string “remove” “disable”, “remove” Action to take when node cannot be detected

Service_HTTP_Core (object)

Core attributes of HTTP(S) virtual server Core attributes of TCP virtual server Core attributes of a virtual server Defines inclusion of one part of the schema into another

Properties (* = required):

name type(s) default allowed values description
/*/        
addressStatus boolean true true, false Specifies whether the virtual server will contribute to the operational status of the associated virtual address
adminState string “enable” “enable”, “disable” Specifies the state of the Service. When set to disable the Service no longer accepts new connection requests, but will allow current connections to finish processing before going to a down state.
allowVlans array     Names of existing VLANs to add to this virtual server to allow.
clientTLS       BIG-IP AS3 pointer to TLS Client declaration
clonePools object     Specifies a pool that the virtual server uses to replicate either client or server traffic
enable boolean true true, false Virtual server handles traffic only when enabled (default)
fallbackPersistenceMethod       Holds name of simple persistence method or BIG-IP AS3 pointer to persistence method
httpMrfRoutingEnabled boolean false true, false Specifies whether to use the HTTP message routing framework (MRF) functionality. This property is available on BIGIP 14.1 and above.
include       Keyword to allow for inclusion of one part of the declaration into another
ipIntelligencePolicy object     Reference to a IP Intelligence Policy
iRules array     List iRules for this virtual server (order is significant)
label string   “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
lastHop   “default”   Name of built-in last-hop method or BIG-IP AS3 pointer to last-hop pool (default ‘default’ means use system setting)
layer4 string “tcp” “tcp” For TCP virtual server, Layer 4 protocol must be TCP
maxConnections integer 0 0 - ∞ Specifies the maximum number of concurrent connections you want to allow for the virtual server
maximumBandwidth       Specifies the maximum bandwidth allowed, in Mbps.
metadata object     Useful datapoints for tracking, tagging, and organizing declarations.
mirroring string “none” “none”, “L4” Controls connection-mirroring for high-availability
nat64Enabled boolean false true, false If true, translate IPv6 traffic into IPv4 (default false)
persistenceMethods array     List of persistence methods (each by name or BIG-IP AS3 pointer). Element 0 is primary (default) persistence method. Use ‘persistenceMethods: []’ for no persistence.
policyBandwidthControl object     BIG-IP AS3 pointer to Bandwidth Control Policy (policy must be static),Reference to a bandwidth control policy
policyEndpoint       BIG-IP AS3 pointer to Endpoint policy declaration
policyFirewallEnforced object     Reference to a firewall (AFM) policy
policyFirewallStaged object     Reference to a firewall (AFM) policy
policyIAM object     BIG-IP AS3 pointer to IAM (APM) policy declaration,Reference to a Access Profile
policyIdleTimeout object     Reference to a idle timeout policy
policyNAT object     BIG-IP AS3 pointer to NAT policy declaration
policyPerRequestAccess object     Reference to a Per Request Access Policy
policyWAF object     Reference to a WAF policy
pool       BIG-IP AS3 pointer to pool if any (declared separately)
profileAccess object     Reference to a Access Profile
profileAnalytics object     Reference to a Analytics_Profile
profileAnalyticsTcp object     Reference to a Analytics_TCP_Profile
profileApiProtection object     API protection profile to attach to service. This property is available on BIGIP 14.1 and above.,Reference to a API_Protection_Profile
profileBotDefense object     Attaches a Bot Defense profile to the service. This property is available on BIGIP 14.1 and above.,Reference to a bot defense profile
profileClassification object     Reference to a classification profile
profileConnectivity object     Reference to a Connectivity Profile
profileDiameterEndpoint object     Reference to a enforcement profile diameter endpoint
profileDNS object     Reference to a DNS profile
profileDOS object     Reference to a DOS Profile
profileEnforcement object     Reference to a enforcement profile
profileFIX object     Reference to a FIX profile
profileFPS object     FPS Profile to attach to service,Reference to a FPS Profile
profileHTML object     Reference to a HTML_Profile
profileHTTP   “basic”   HTTP profile; name of built-in or else BIG-IP AS3 pointer
profileHTTPAcceleration       Web acceleration profile; name of built-in or else BIG-IP AS3 pointer
profileHTTPCompression       HTTP compression profile; name of built-in or else BIG-IP AS3 pointer
profileIntegratedBotDefense object     BIG-IP AS3 pointer to an Integrated Bot Defense Profile. These are only supported in tmos version 17.0+.,Reference to a Integrated Bot Defense Profile
profileIPOther object     Reference to a ipother profile
profileMultiplex       Multiplex (OneConnect) profile; name of built-in or else BIG-IP AS3 pointer
profileNTLM object     Reference to a NT LAN Manager profile
profileProtocolInspection object     BIG-IP AS3 pointer to Protocol Inspection Profile declaration,Reference to a Protocol Inspection Profile
profileRequestAdapt object     Reference to a Request Adapt Profile
profileResponseAdapt object     Reference to a Response Adapt Profile
profileRewrite object     Reference to a Rewrite Profile
profileSSHProxy object     Reference to a SSH proxy profile
profileStream object     Reference to a stream profile
profileSubscriberManagement object     Reference to a enforcement subscriber management profile
profileTCP   “normal”   TCP profile; name of built-in or else BIG-IP AS3 pointer
profileTrafficLog object     Reference to a traffic log profile
profileVdi object     VDI profile to attach to service.,Reference to a VDI profile
rateLimit integer 0 0 - ∞ Specifies the maximum number of connections per second allowed for a virtual server
rejectVlans array     Names of existing VLANs to add to this virtual server to reject.
remark string   “^[^x00-x1fx22x5cx7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
securityLogProfiles array     Specifies the log profile applied to the virtual server
serverTLS       BIG-IP AS3 pointer to TLS Server declaration
serviceDownImmediateAction string “none” “none”, “drop”, “reset” Specifies the immediate action the BIG-IP system should respond with upon the receipt of the initial client’s SYN packet if the availability status of the virtual server is Offline or Unavailable. This is supported for the virtual server of Standard type and TCP protocol. The default value is none.
shareAddresses boolean false true, false A user set boolean that indicates whether the virtualAddresses should be added to or checked for /Common instead of the tenant. This value defaults to false, and so will put the virtualAddresses into their tenant.
snat   “auto”   Name of built-in SNAT method or BIG-IP AS3 pointer to SNAT pool. If ‘self’, the system uses the virtual-server address as SNAT address
sourceAddress string   “f5ip” formatted string Accept connections only from these subnet(s). Only allowed if virtualType is internal, otherwise use virtualAddresses.
translateClientPort boolean, string false true, false If true, hide client’s port number from server. A value of true is the same as the string ‘change’ while a value of false is the same as the string ‘preserve’. The value ‘preserve-strict’ is the only other allowed value for a string
translateServerAddress boolean true true, false If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)
translateServerPort boolean true true, false If true (default), make server-side connection to server port (otherwise, connect to server on virtual-server port)
virtualAddresses array     Virtual server will listen to each IP address in list. To accept connections only from certain subnet(s), replace IP address with array [IP-address, accept-from-subnet]. IP address can also be replaced by a reference to a Service_Address.
virtualPort integer   0 - 65535 virtual server TCP port
virtualType string “standard” “standard”, “internal” Type of the virtual

Service_HTTP_Core.clonePools (object)

Specifies a pool that the virtual server uses to replicate either client or server traffic

Properties (* = required):

name type(s) default allowed values description
egress object     Egress (server-side context) clone pool,Reference to a pool
ingress object     Ingress (client-side context) clone pool,Reference to a pool

Service_HTTP_Core.clonePools.egress (object)

Egress (server-side context) clone pool Reference to a pool

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP pool
use string     AS3 pointer to pool declaration

Service_HTTP_Core.clonePools.ingress (object)

Ingress (client-side context) clone pool Reference to a pool

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP pool
use string     AS3 pointer to pool declaration

Service_HTTP_Core.ipIntelligencePolicy (object)

Reference to a IP Intelligence Policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP IP Intelligence Policy

Service_HTTP_Core.metadata (object)

Useful datapoints for tracking, tagging, and organizing declarations.

Properties (* = required):

name type(s) default allowed values description
/*/ object      

Service_HTTP_Core.metadata./*/ (object)

Properties (* = required):

name type(s) default allowed values description
persist boolean true true, false  
value* string      

Service_HTTP_Core.policyBandwidthControl (object)

BIG-IP AS3 pointer to Bandwidth Control Policy (policy must be static) Reference to a bandwidth control policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP bandwidth control policy
use string     AS3 pointer to bandwidth control policy declaration

Service_HTTP_Core.policyFirewallEnforced (object)

Reference to a firewall (AFM) policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP firewall (AFM) policy
use string     AS3 pointer to firewall (AFM) policy declaration

Service_HTTP_Core.policyFirewallStaged (object)

Reference to a firewall (AFM) policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP firewall (AFM) policy
use string     AS3 pointer to firewall (AFM) policy declaration

Service_HTTP_Core.policyIAM (object)

BIG-IP AS3 pointer to IAM (APM) policy declaration Reference to a Access Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Access Profile
use string     AS3 pointer to Access Profile declaration

Service_HTTP_Core.policyIdleTimeout (object)

Reference to a idle timeout policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP idle timeout policy
use string     AS3 pointer to idle timeout policy declaration

Service_HTTP_Core.policyNAT (object)

BIG-IP AS3 pointer to NAT policy declaration

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP NAT policy
use string     BIG-IP AS3 pointer to NAT policy declaration

Service_HTTP_Core.policyPerRequestAccess (object)

Reference to a Per Request Access Policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Per Request Access Policy
use string     AS3 pointer to Per Request Access Policy declaration

Service_HTTP_Core.policyWAF (object)

Reference to a WAF policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP WAF policy
use string     AS3 pointer to WAF policy declaration

Service_HTTP_Core.profileAccess (object)

Reference to a Access Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Access Profile
use string     AS3 pointer to Access Profile declaration

Service_HTTP_Core.profileAnalytics (object)

Reference to a Analytics_Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Analytics_Profile
use string     AS3 pointer to Analytics_Profile declaration

Service_HTTP_Core.profileAnalyticsTcp (object)

Reference to a Analytics_TCP_Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Analytics_TCP_Profile
use string     AS3 pointer to Analytics_TCP_Profile declaration

Service_HTTP_Core.profileApiProtection (object)

API protection profile to attach to service. This property is available on BIGIP 14.1 and above. Reference to a API_Protection_Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP API_Protection_Profile

Service_HTTP_Core.profileBotDefense (object)

Attaches a Bot Defense profile to the service. This property is available on BIGIP 14.1 and above. Reference to a bot defense profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP bot defense profile

Service_HTTP_Core.profileClassification (object)

Reference to a classification profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP classification profile
use string     AS3 pointer to classification profile declaration

Service_HTTP_Core.profileConnectivity (object)

Reference to a Connectivity Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Connectivity Profile

Service_HTTP_Core.profileDiameterEndpoint (object)

Reference to a enforcement profile diameter endpoint

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP enforcement profile diameter endpoint
use string     AS3 pointer to enforcement profile diameter endpoint declaration

Service_HTTP_Core.profileDNS (object)

Reference to a DNS profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP DNS profile
use string     AS3 pointer to DNS profile declaration

Service_HTTP_Core.profileDOS (object)

Reference to a DOS Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP DOS Profile
use string     AS3 pointer to DOS Profile declaration

Service_HTTP_Core.profileEnforcement (object)

Reference to a enforcement profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP PEM spm policy
use string     AS3 pointer to enforcement profile declaration

Service_HTTP_Core.profileFIX (object)

Reference to a FIX profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP FIX profile
use string     AS3 pointer to FIX profile declaration

Service_HTTP_Core.profileFPS (object)

FPS Profile to attach to service Reference to a FPS Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP FPS Profile

Service_HTTP_Core.profileHTML (object)

Reference to a HTML_Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP HTML_Profile
use string     AS3 pointer to HTML_Profile declaration

Service_HTTP_Core.profileIntegratedBotDefense (object)

BIG-IP AS3 pointer to an Integrated Bot Defense Profile. These are only supported in tmos version 17.0+. Reference to a Integrated Bot Defense Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Integrated Bot Defense Profile

Service_HTTP_Core.profileIPOther (object)

Reference to a ipother profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP ipother profile
use string     AS3 pointer to ipother profile declaration

Service_HTTP_Core.profileNTLM (object)

Reference to a NT LAN Manager profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP NT LAN Manager profile

Service_HTTP_Core.profileProtocolInspection (object)

BIG-IP AS3 pointer to Protocol Inspection Profile declaration Reference to a Protocol Inspection Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Protocol Inspection Profile
use string     AS3 pointer to Protocol Inspection Profile declaration

Service_HTTP_Core.profileRequestAdapt (object)

Reference to a Request Adapt Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Request Adapt Profile
use string     AS3 pointer to Request Adapt Profile declaration

Service_HTTP_Core.profileResponseAdapt (object)

Reference to a Response Adapt Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Response Adapt Profile
use string     AS3 pointer to Response Adapt Profile declaration

Service_HTTP_Core.profileRewrite (object)

Reference to a Rewrite Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Rewrite Profile
use string     AS3 pointer to Rewrite Profile declaration

Service_HTTP_Core.profileSSHProxy (object)

Reference to a SSH proxy profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP SSH proxy profile
use string     AS3 pointer to SSH proxy profile declaration

Service_HTTP_Core.profileStream (object)

Reference to a stream profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP stream profile
use string     AS3 pointer to stream profile declaration

Service_HTTP_Core.profileSubscriberManagement (object)

Reference to a enforcement subscriber management profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP PEM subscriber-mgmt policy
use string     AS3 pointer to enforcement subscriber management profile declaration

Service_HTTP_Core.profileTrafficLog (object)

Reference to a traffic log profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Request Logging Profile
use string     AS3 pointer to traffic log profile declaration

Service_HTTP_Core.profileVdi (object)

VDI profile to attach to service. Reference to a VDI profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP VDI profile

Service_L4_Core (object)

Core attributes of L4 virtual server Core attributes of a virtual server Defines inclusion of one part of the schema into another

Properties (* = required):

name type(s) default allowed values description
/*/        
addressStatus boolean true true, false Specifies whether the virtual server will contribute to the operational status of the associated virtual address
adminState string “enable” “enable”, “disable” Specifies the state of the Service. When set to disable the Service no longer accepts new connection requests, but will allow current connections to finish processing before going to a down state.
allowVlans array     Names of existing VLANs to add to this virtual server to allow.
clonePools object     Specifies a pool that the virtual server uses to replicate either client or server traffic
enable boolean true true, false Virtual server handles traffic only when enabled (default)
fallbackPersistenceMethod       Holds name of simple persistence method or BIG-IP AS3 pointer to persistence method
httpMrfRoutingEnabled boolean false true, false Specifies whether to use the HTTP message routing framework (MRF) functionality. This property is available on BIGIP 14.1 and above.
include       Keyword to allow for inclusion of one part of the declaration into another
ipIntelligencePolicy object     Reference to a IP Intelligence Policy
iRules array     List iRules for this virtual server (order is significant)
label string   “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
lastHop   “default”   Name of built-in last-hop method or BIG-IP AS3 pointer to last-hop pool (default ‘default’ means use system setting)
layer4 string “tcp” “any”, “tcp”, “udp”, “3pc”, “a/n”, “ah”, “argus”, “aris”, “ax.25”, “bbn-rcc”, “bna”, “br-sat-mon”, “cbt”, “cftp”, “chaos”, “compaq-peer”, “cphb”, “cpnx”, “crdup”, “crtp”, “dccp”, “dcn”, “ddp”, “ddx”, “dgp”, “dsr”, “egp”, “eigrp”, “emcon”, “encap”, “esp”, “etherip”, “fc”, “fire”, “ggp”, “gmtp”, “gre”, “hip”, “hmp”, “hopopt”, “i-nlsp”, “iatp”, “icmp”, “idpr”, “idpr-cmtp”, “idrp”, “ifmp”, “igmp”, “igp”, “il”, “ip”, “ipcomp”, “ipcv”, “ipencap”, “ipip”, “iplt”, “ippc”, “ipv6”, “ipv6-auth”, “ipv6-crypt”, “ipv6-frag”, “ipv6-icmp”, “ipv6-nonxt”, “ipv6-opts”, “ipv6-route”, “ipx-in-ip”, “irtp”, “isis”, “iso-ip”, “iso-tp4”, “kryptolan”, “l2tp”, “larp”, “leaf-1”, “leaf-2”, “manet”, “merit-inp”, “mfe-nsp”, “micp”, “mobile”, “mpls-in-ip”, “mtp”, “mux”, “narp”, “netblt”, “nsfnet-igp”, “nvp”, “ospf”, “pgm”, “pim”, “pipe”, “pnni”, “prm”, “ptp”, “pup”, “pvp”, “qnx”, “rdp”, “rsvp”, “rsvp-e2e-ignore”, “rvd”, “sat-expak”, “sat-mon”, “scc-sp”, “scps”, “sctp”, “sdrp”, “secure-vmtp”, “shim6”, “skip”, “sm”, “smp”, “snp”, “sprite-rpc”, “sps”, “srp”, “sscopmce”, “st”, “stp”, “sun-nd”, “swipe”, “tcf”, “tlsp”, “tp++”, “trunk-1”, “trunk-2”, “ttp”, “udplite”, “uti”, “vines”, “visa”, “vmtp”, “vrrp”, “wb-expak”, “wb-mon”, “wesp”, “wsn”, “xnet”, “xns-idp”, “xtp” The L4 protocol type for this virtual server
maxConnections integer 0 0 - ∞ Specifies the maximum number of concurrent connections you want to allow for the virtual server
maximumBandwidth       Specifies the maximum bandwidth allowed, in Mbps.
metadata object     Useful datapoints for tracking, tagging, and organizing declarations.
mirroring string “none” “none”, “L4” Controls connection-mirroring for high-availability
nat64Enabled boolean false true, false If true, translate IPv6 traffic into IPv4 (default false)
persistenceMethods array     List of persistence methods (each by name or BIG-IP AS3 pointer). Element 0 is primary (default) persistence method. Use ‘persistenceMethods: []’ for no persistence.
policyBandwidthControl object     BIG-IP AS3 pointer to Bandwidth Control Policy (policy must be static),Reference to a bandwidth control policy
policyFirewallEnforced object     Reference to a firewall (AFM) policy
policyFirewallStaged object     Reference to a firewall (AFM) policy
policyIdleTimeout object     Reference to a idle timeout policy
policyNAT object     BIG-IP AS3 pointer to NAT policy declaration
pool       BIG-IP AS3 pointer to pool if any (declared separately)
profileAnalyticsTcp object     Reference to a Analytics_TCP_Profile
profileClassification object     Reference to a classification profile
profileDiameterEndpoint object     Reference to a enforcement profile diameter endpoint
profileDNS object     Reference to a DNS profile
profileEnforcement object     Reference to a enforcement profile
profileFIX object     Reference to a FIX profile
profileIntegratedBotDefense object     BIG-IP AS3 pointer to an Integrated Bot Defense Profile. These are only supported in tmos version 17.0+.,Reference to a Integrated Bot Defense Profile
profileIPOther object     Reference to a ipother profile
profileL4   “basic”   L4 profile; name of built-in or else BIG-IP AS3 pointer
profileProtocolInspection object     BIG-IP AS3 pointer to Protocol Inspection Profile declaration,Reference to a Protocol Inspection Profile
profileRewrite object     Reference to a Rewrite Profile
profileSubscriberManagement object     Reference to a enforcement subscriber management profile
profileTrafficLog object     Reference to a traffic log profile
rateLimit integer 0 0 - ∞ Specifies the maximum number of connections per second allowed for a virtual server
rejectVlans array     Names of existing VLANs to add to this virtual server to reject.
remark string   “^[^x00-x1fx22x5cx7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
securityLogProfiles array     Specifies the log profile applied to the virtual server
serviceDownImmediateAction string “none” “none”, “drop”, “reset” Specifies the immediate action the BIG-IP system should respond with upon the receipt of the initial client’s SYN packet if the availability status of the virtual server is Offline or Unavailable. This is supported for the virtual server of Standard type and TCP protocol. The default value is none.
shareAddresses boolean false true, false A user set boolean that indicates whether the virtualAddresses should be added to or checked for /Common instead of the tenant. This value defaults to false, and so will put the virtualAddresses into their tenant.
snat   “auto”   Name of built-in SNAT method or BIG-IP AS3 pointer to SNAT pool. If ‘self’, the system uses the virtual-server address as SNAT address
sourceAddress string   “f5ip” formatted string Accept connections only from these subnet(s). Only allowed if virtualType is internal, otherwise use virtualAddresses.
translateClientPort boolean, string false true, false If true, hide client’s port number from server. A value of true is the same as the string ‘change’ while a value of false is the same as the string ‘preserve’. The value ‘preserve-strict’ is the only other allowed value for a string
translateServerAddress boolean true true, false If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)
translateServerPort boolean true true, false If true (default), make server-side connection to server port (otherwise, connect to server on virtual-server port)
virtualAddresses array     Virtual server will listen to each IP address in list. To accept connections only from certain subnet(s), replace IP address with array [IP-address, accept-from-subnet]. IP address can also be replaced by a reference to a Service_Address.
virtualPort integer   0 - 65535 virtual server port

Service_L4_Core.clonePools (object)

Specifies a pool that the virtual server uses to replicate either client or server traffic

Properties (* = required):

name type(s) default allowed values description
egress object     Egress (server-side context) clone pool,Reference to a pool
ingress object     Ingress (client-side context) clone pool,Reference to a pool

Service_L4_Core.clonePools.egress (object)

Egress (server-side context) clone pool Reference to a pool

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP pool
use string     AS3 pointer to pool declaration

Service_L4_Core.clonePools.ingress (object)

Ingress (client-side context) clone pool Reference to a pool

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP pool
use string     AS3 pointer to pool declaration

Service_L4_Core.ipIntelligencePolicy (object)

Reference to a IP Intelligence Policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP IP Intelligence Policy

Service_L4_Core.metadata (object)

Useful datapoints for tracking, tagging, and organizing declarations.

Properties (* = required):

name type(s) default allowed values description
/*/ object      

Service_L4_Core.metadata./*/ (object)

Properties (* = required):

name type(s) default allowed values description
persist boolean true true, false  
value* string      

Service_L4_Core.policyBandwidthControl (object)

BIG-IP AS3 pointer to Bandwidth Control Policy (policy must be static) Reference to a bandwidth control policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP bandwidth control policy
use string     AS3 pointer to bandwidth control policy declaration

Service_L4_Core.policyFirewallEnforced (object)

Reference to a firewall (AFM) policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP firewall (AFM) policy
use string     AS3 pointer to firewall (AFM) policy declaration

Service_L4_Core.policyFirewallStaged (object)

Reference to a firewall (AFM) policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP firewall (AFM) policy
use string     AS3 pointer to firewall (AFM) policy declaration

Service_L4_Core.policyIdleTimeout (object)

Reference to a idle timeout policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP idle timeout policy
use string     AS3 pointer to idle timeout policy declaration

Service_L4_Core.policyNAT (object)

BIG-IP AS3 pointer to NAT policy declaration

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP NAT policy
use string     BIG-IP AS3 pointer to NAT policy declaration

Service_L4_Core.profileAnalyticsTcp (object)

Reference to a Analytics_TCP_Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Analytics_TCP_Profile
use string     AS3 pointer to Analytics_TCP_Profile declaration

Service_L4_Core.profileClassification (object)

Reference to a classification profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP classification profile
use string     AS3 pointer to classification profile declaration

Service_L4_Core.profileDiameterEndpoint (object)

Reference to a enforcement profile diameter endpoint

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP enforcement profile diameter endpoint
use string     AS3 pointer to enforcement profile diameter endpoint declaration

Service_L4_Core.profileDNS (object)

Reference to a DNS profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP DNS profile
use string     AS3 pointer to DNS profile declaration

Service_L4_Core.profileEnforcement (object)

Reference to a enforcement profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP PEM spm policy
use string     AS3 pointer to enforcement profile declaration

Service_L4_Core.profileFIX (object)

Reference to a FIX profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP FIX profile
use string     AS3 pointer to FIX profile declaration

Service_L4_Core.profileIntegratedBotDefense (object)

BIG-IP AS3 pointer to an Integrated Bot Defense Profile. These are only supported in tmos version 17.0+. Reference to a Integrated Bot Defense Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Integrated Bot Defense Profile

Service_L4_Core.profileIPOther (object)

Reference to a ipother profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP ipother profile
use string     AS3 pointer to ipother profile declaration

Service_L4_Core.profileProtocolInspection (object)

BIG-IP AS3 pointer to Protocol Inspection Profile declaration Reference to a Protocol Inspection Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Protocol Inspection Profile
use string     AS3 pointer to Protocol Inspection Profile declaration

Service_L4_Core.profileRewrite (object)

Reference to a Rewrite Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Rewrite Profile
use string     AS3 pointer to Rewrite Profile declaration

Service_L4_Core.profileSubscriberManagement (object)

Reference to a enforcement subscriber management profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP PEM subscriber-mgmt policy
use string     AS3 pointer to enforcement subscriber management profile declaration

Service_L4_Core.profileTrafficLog (object)

Reference to a traffic log profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Request Logging Profile
use string     AS3 pointer to traffic log profile declaration

Service_TCP_Core (object)

Core attributes of TCP virtual server Core attributes of a virtual server Defines inclusion of one part of the schema into another

Properties (* = required):

name type(s) default allowed values description
/*/        
addressStatus boolean true true, false Specifies whether the virtual server will contribute to the operational status of the associated virtual address
adminState string “enable” “enable”, “disable” Specifies the state of the Service. When set to disable the Service no longer accepts new connection requests, but will allow current connections to finish processing before going to a down state.
allowVlans array     Names of existing VLANs to add to this virtual server to allow.
clientTLS       BIG-IP AS3 pointer to TLS Client declaration
clonePools object     Specifies a pool that the virtual server uses to replicate either client or server traffic
enable boolean true true, false Virtual server handles traffic only when enabled (default)
fallbackPersistenceMethod       Holds name of simple persistence method or BIG-IP AS3 pointer to persistence method
httpMrfRoutingEnabled boolean false true, false Specifies whether to use the HTTP message routing framework (MRF) functionality. This property is available on BIGIP 14.1 and above.
include       Keyword to allow for inclusion of one part of the declaration into another
ipIntelligencePolicy object     Reference to a IP Intelligence Policy
iRules array     List iRules for this virtual server (order is significant)
label string   “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
lastHop   “default”   Name of built-in last-hop method or BIG-IP AS3 pointer to last-hop pool (default ‘default’ means use system setting)
layer4 string “tcp” “tcp” For TCP virtual server, Layer 4 protocol must be TCP
maxConnections integer 0 0 - ∞ Specifies the maximum number of concurrent connections you want to allow for the virtual server
maximumBandwidth       Specifies the maximum bandwidth allowed, in Mbps.
metadata object     Useful datapoints for tracking, tagging, and organizing declarations.
mirroring string “none” “none”, “L4” Controls connection-mirroring for high-availability
nat64Enabled boolean false true, false If true, translate IPv6 traffic into IPv4 (default false)
persistenceMethods array     List of persistence methods (each by name or BIG-IP AS3 pointer). Element 0 is primary (default) persistence method. Use ‘persistenceMethods: []’ for no persistence.
policyBandwidthControl object     BIG-IP AS3 pointer to Bandwidth Control Policy (policy must be static),Reference to a bandwidth control policy
policyEndpoint       BIG-IP AS3 pointer to Endpoint policy declaration
policyFirewallEnforced object     Reference to a firewall (AFM) policy
policyFirewallStaged object     Reference to a firewall (AFM) policy
policyIdleTimeout object     Reference to a idle timeout policy
policyNAT object     BIG-IP AS3 pointer to NAT policy declaration
pool       BIG-IP AS3 pointer to pool if any (declared separately)
profileAnalyticsTcp object     Reference to a Analytics_TCP_Profile
profileClassification object     Reference to a classification profile
profileDiameterEndpoint object     Reference to a enforcement profile diameter endpoint
profileDNS object     Reference to a DNS profile
profileEnforcement object     Reference to a enforcement profile
profileFIX object     Reference to a FIX profile
profileIntegratedBotDefense object     BIG-IP AS3 pointer to an Integrated Bot Defense Profile. These are only supported in tmos version 17.0+.,Reference to a Integrated Bot Defense Profile
profileIPOther object     Reference to a ipother profile
profileProtocolInspection object     BIG-IP AS3 pointer to Protocol Inspection Profile declaration,Reference to a Protocol Inspection Profile
profileRewrite object     Reference to a Rewrite Profile
profileSSHProxy object     Reference to a SSH proxy profile
profileStream object     Reference to a stream profile
profileSubscriberManagement object     Reference to a enforcement subscriber management profile
profileTCP   “normal”   TCP profile; name of built-in or else BIG-IP AS3 pointer
profileTrafficLog object     Reference to a traffic log profile
rateLimit integer 0 0 - ∞ Specifies the maximum number of connections per second allowed for a virtual server
rejectVlans array     Names of existing VLANs to add to this virtual server to reject.
remark string   “^[^x00-x1fx22x5cx7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
securityLogProfiles array     Specifies the log profile applied to the virtual server
serverTLS       BIG-IP AS3 pointer to TLS Server declaration
serviceDownImmediateAction string “none” “none”, “drop”, “reset” Specifies the immediate action the BIG-IP system should respond with upon the receipt of the initial client’s SYN packet if the availability status of the virtual server is Offline or Unavailable. This is supported for the virtual server of Standard type and TCP protocol. The default value is none.
shareAddresses boolean false true, false A user set boolean that indicates whether the virtualAddresses should be added to or checked for /Common instead of the tenant. This value defaults to false, and so will put the virtualAddresses into their tenant.
snat   “auto”   Name of built-in SNAT method or BIG-IP AS3 pointer to SNAT pool. If ‘self’, the system uses the virtual-server address as SNAT address
sourceAddress string   “f5ip” formatted string Accept connections only from these subnet(s). Only allowed if virtualType is internal, otherwise use virtualAddresses.
translateClientPort boolean, string false true, false If true, hide client’s port number from server. A value of true is the same as the string ‘change’ while a value of false is the same as the string ‘preserve’. The value ‘preserve-strict’ is the only other allowed value for a string
translateServerAddress boolean true true, false If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)
translateServerPort boolean true true, false If true (default), make server-side connection to server port (otherwise, connect to server on virtual-server port)
virtualAddresses array     Virtual server will listen to each IP address in list. To accept connections only from certain subnet(s), replace IP address with array [IP-address, accept-from-subnet]. IP address can also be replaced by a reference to a Service_Address.
virtualPort integer   0 - 65535 virtual server TCP port
virtualType string “standard” “standard”, “internal” Type of the virtual

Service_TCP_Core.clonePools (object)

Specifies a pool that the virtual server uses to replicate either client or server traffic

Properties (* = required):

name type(s) default allowed values description
egress object     Egress (server-side context) clone pool,Reference to a pool
ingress object     Ingress (client-side context) clone pool,Reference to a pool

Service_TCP_Core.clonePools.egress (object)

Egress (server-side context) clone pool Reference to a pool

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP pool
use string     AS3 pointer to pool declaration

Service_TCP_Core.clonePools.ingress (object)

Ingress (client-side context) clone pool Reference to a pool

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP pool
use string     AS3 pointer to pool declaration

Service_TCP_Core.ipIntelligencePolicy (object)

Reference to a IP Intelligence Policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP IP Intelligence Policy

Service_TCP_Core.metadata (object)

Useful datapoints for tracking, tagging, and organizing declarations.

Properties (* = required):

name type(s) default allowed values description
/*/ object      

Service_TCP_Core.metadata./*/ (object)

Properties (* = required):

name type(s) default allowed values description
persist boolean true true, false  
value* string      

Service_TCP_Core.policyBandwidthControl (object)

BIG-IP AS3 pointer to Bandwidth Control Policy (policy must be static) Reference to a bandwidth control policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP bandwidth control policy
use string     AS3 pointer to bandwidth control policy declaration

Service_TCP_Core.policyFirewallEnforced (object)

Reference to a firewall (AFM) policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP firewall (AFM) policy
use string     AS3 pointer to firewall (AFM) policy declaration

Service_TCP_Core.policyFirewallStaged (object)

Reference to a firewall (AFM) policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP firewall (AFM) policy
use string     AS3 pointer to firewall (AFM) policy declaration

Service_TCP_Core.policyIdleTimeout (object)

Reference to a idle timeout policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP idle timeout policy
use string     AS3 pointer to idle timeout policy declaration

Service_TCP_Core.policyNAT (object)

BIG-IP AS3 pointer to NAT policy declaration

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP NAT policy
use string     BIG-IP AS3 pointer to NAT policy declaration

Service_TCP_Core.profileAnalyticsTcp (object)

Reference to a Analytics_TCP_Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Analytics_TCP_Profile
use string     AS3 pointer to Analytics_TCP_Profile declaration

Service_TCP_Core.profileClassification (object)

Reference to a classification profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP classification profile
use string     AS3 pointer to classification profile declaration

Service_TCP_Core.profileDiameterEndpoint (object)

Reference to a enforcement profile diameter endpoint

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP enforcement profile diameter endpoint
use string     AS3 pointer to enforcement profile diameter endpoint declaration

Service_TCP_Core.profileDNS (object)

Reference to a DNS profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP DNS profile
use string     AS3 pointer to DNS profile declaration

Service_TCP_Core.profileEnforcement (object)

Reference to a enforcement profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP PEM spm policy
use string     AS3 pointer to enforcement profile declaration

Service_TCP_Core.profileFIX (object)

Reference to a FIX profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP FIX profile
use string     AS3 pointer to FIX profile declaration

Service_TCP_Core.profileIntegratedBotDefense (object)

BIG-IP AS3 pointer to an Integrated Bot Defense Profile. These are only supported in tmos version 17.0+. Reference to a Integrated Bot Defense Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Integrated Bot Defense Profile

Service_TCP_Core.profileIPOther (object)

Reference to a ipother profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP ipother profile
use string     AS3 pointer to ipother profile declaration

Service_TCP_Core.profileProtocolInspection (object)

BIG-IP AS3 pointer to Protocol Inspection Profile declaration Reference to a Protocol Inspection Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Protocol Inspection Profile
use string     AS3 pointer to Protocol Inspection Profile declaration

Service_TCP_Core.profileRewrite (object)

Reference to a Rewrite Profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Rewrite Profile
use string     AS3 pointer to Rewrite Profile declaration

Service_TCP_Core.profileSSHProxy (object)

Reference to a SSH proxy profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP SSH proxy profile
use string     AS3 pointer to SSH proxy profile declaration

Service_TCP_Core.profileStream (object)

Reference to a stream profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP stream profile
use string     AS3 pointer to stream profile declaration

Service_TCP_Core.profileSubscriberManagement (object)

Reference to a enforcement subscriber management profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP PEM subscriber-mgmt policy
use string     AS3 pointer to enforcement subscriber management profile declaration

Service_TCP_Core.profileTrafficLog (object)

Reference to a traffic log profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Request Logging Profile
use string     AS3 pointer to traffic log profile declaration