L4 Profile (object)

Configures a Fast Layer 4 profile

Properties (* = required):

name type(s) default allowed values description
class* string   “L4_Profile”  
clientTimeout integer 30 -1 - 86400 Number of seconds allowed for a client to transmit enough data to select a server when you have late binding enabled. Value -1 means indefinite (not recommended)
idleTimeout integer 300 -∞ - -Infinity Number of seconds (default 300; may not be 0) connection may remain idle before it becomes eligible for deletion. Value -1 (not recommended) means infinite
keepAliveInterval integer 0 0 - 4294967295 Number of seconds between keep-alive probes. A value of 0 seconds disables the feature.
label string   “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
looseClose boolean false true, false When true, system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server (default false).
looseInitialization boolean false true, false When true, system initializes a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation (default false).
maxSegmentSize integer 0 -∞ - -Infinity Sets MSS advertised to peer. Value 0 (default) will set MSS automatically in proportion to interface MTU. Default 0 is usually the best choice
remark string   “^[^x00-x1fx22x5cx7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
resetOnTimeout boolean true true, false If true (default), connections which time out will be reset (that is, the system sends an RST packet to the peer) before the system expunges them
synCookieAllowlist boolean false true, false Specifies whether or not to use a SYN Cookie Allowlist when doing software SYN Cookies. This means not doing a SYN Cookie for the same src IP address if it has been done already in the previous tm.flowstate.timeout (30) seconds. The default value is disabled.
synCookieEnable boolean true true, false Enables syn-cookies capability on this virtual server. If true (default), the system may use SYN cookies to avert connection-table overflow (for example, from DoS attacks)
tcpCloseTimeout integer 5 -1 - 86400 Specifies an TCP close timeout in seconds. Value -1 means indefinite (not recommended)
tcpHandshakeTimeout integer 5 -1 - 86400 Specifies a TCP handshake timeout in seconds. The default value is 5 seconds. Value -1 means indefinite (not recommended)