NAT_Source_Translation (object)¶
Configures a Security network address translation source translation object
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| addresses | array | Specifies addresses on which source translation is performed | ||
| allowEgressInterfaces | array | Specifies the egress interfaces (tunnels and VLANs) on which source translation is allowed | ||
| class | string | “NAT_Source_Translation” | ||
| clientConnectionLimit | integer | 0 - 2147483647 | Maximum number of simultaneous translated connections a client or subscriber is allowed to have | |
| disallowEgressInterfaces | array | Specifies the egress interfaces (tunnels and VLANs) on which source translation is not allowed | ||
| excludeAddresses | array | Specifies the set of addresses excluded from translation IP addresses available in the pool. This property is available on BIGIP 14.1 and above. | ||
| hairpinModeEnabled | boolean | true, false | Enables or disables hairpinning for incoming connections to active translation end-points | |
| inboundMode | string | “endpoint-independent-filtering”, “explicit”, “none” | Specifies the persistence settings for NAT translation entries | |
| label | string | “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” | Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML | |
| mapping | object | Configure the mapping settings for translation entries. It is the preservation of a public-side IP address for a client from session to session. Only available if type is dynamic-pat. | ||
| patMode | string | “napt”, “deterministic”, “pba” | Specifies whether the translation address mapping is performed in Network Address Port Translation mode, Deterministic mode, or in Port Block Allocation mode | |
| portBlockAllocation | object | Configure the port block allocation | ||
| ports | array | Specifies source ports and port ranges on which source translation is performed | ||
| remark | string | “^[^x00-x1fx22x5cx7f]*$” | Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks | |
| routeAdvertisement | boolean | false | true, false | Specifies that the traffic is advertised to dynamic routing protocols configured in the route domain |
| type* | string | “dynamic-pat”, “static-nat”, “static-pat” | Specifies the type of source translation item |
NAT_Source_Translation.mapping (object)¶
Configure the mapping settings for translation entries. It is the preservation of a public-side IP address for a client from session to session. Only available if type is dynamic-pat.
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| mode | string | “address-pooling-paired” | “address-pooling-paired”, “endpoint-independent-mapping”, “none” | Specifies the mapping mode for translation entries |
| timeout | integer | 300 | 0 - 2147483647 | Specifies the timeout (in seconds) for address and port mapping |
NAT_Source_Translation.portBlockAllocation (object)¶
Configure the port block allocation
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| blockIdleTimeout | integer | 3600 | 0 - 2147483647 | Specifies the amount of time in seconds that an assigned block of ports remains available when idle before it times out |
| blockLifetime | integer | 0 | 0 - 2147483647 | Specifies the lifetime in seconds of a block of ports |
| blockSize | integer | 64 | 0 - 2147483647 | Specifies the number of ports per block. Each block is assigned to one client. A client can use all ports in a block multiplied by the number of blocks, up to the connection limit, if one is set |
| clientBlockLimit | integer | 1 | 0 - 2147483647 | Specifies the number of blocks that can be assigned to a client |
| zombieTimeout | integer | 0 | 0 - 2147483647 | Specifies the timeout duration for a zombie port block, which is a timed out port block with one or more active connections |
NAT_Source_Translation_Mapping (object)¶
Configure the mapping settings for translation entries. It is the preservation of a public-side IP address for a client from session to session. Only available if type is dynamic-pat.
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| mode | string | “address-pooling-paired” | “address-pooling-paired”, “endpoint-independent-mapping”, “none” | Specifies the mapping mode for translation entries |
| timeout | integer | 300 | 0 - 2147483647 | Specifies the timeout (in seconds) for address and port mapping |
NAT_Source_Translation_PortBlockAllocation (object)¶
Configure the port block allocation
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| blockIdleTimeout | integer | 3600 | 0 - 2147483647 | Specifies the amount of time in seconds that an assigned block of ports remains available when idle before it times out |
| blockLifetime | integer | 0 | 0 - 2147483647 | Specifies the lifetime in seconds of a block of ports |
| blockSize | integer | 64 | 0 - 2147483647 | Specifies the number of ports per block. Each block is assigned to one client. A client can use all ports in a block multiplied by the number of blocks, up to the connection limit, if one is set |
| clientBlockLimit | integer | 1 | 0 - 2147483647 | Specifies the number of blocks that can be assigned to a client |
| zombieTimeout | integer | 0 | 0 - 2147483647 | Specifies the timeout duration for a zombie port block, which is a timed out port block with one or more active connections |